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Lap  pools  and  take-home  meals  are  nice. 

But  this  year’s  survey  of  nearly 17,000  IT 
employees  found  that,  once  again,  the 
most-desired  benefits  include  technology, 
training  and  flexible  work  schedules.  Our 
Hth  annual  special  report  shows  how 
Computerworfd’s  top  100  IT  employers 
give  workers  the  job  fulf  illment  theyseek. 
Stories  begin  on  page  21. 
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And  we  deliver  both. 


When  it  comes  to  making  your  mark  in  IT,  the 
more  you  know,  the  further  you  go.  There’s  no 
better  or  faster  way  to  build  your  knowledge  base 
and  improve  your  chances  for  success  than  read¬ 
ing  an  issue  of  Computerworld  and  a  daily  visit  to 
Computerworld.com. 

Tap  the  rich  resources  of  Computerworld.com  for 
breaking  news,  up-to-the-minute  information, 
ideas,  insight,  advice  and  analysis.  It’s  the  only 
place  on  the  Web  where  you  can  get  both  the 
award-winning  editorial  found  in  Computerworld 
and  the  essential  online  resources  you  need  like 
these: 


Knowledge  Centers  -  quickly  find  the  informa¬ 
tion  you  need  to  do  your  job  at  Computerworld’s 
online  Knowledge  Centers  -  organized  by  the  IT 
topics  you  deal  with  every  day. 

E-Mail  Newsletters  -  subscribe  to  our  E-mail 
Newsletters  and  get  breaking  news,  commentary 
and  updates.  Choose  from  over  25  topics  deliv¬ 
ered  to  your  desktop  every  week. 

Renew  your  subscription  to  Computerworld  at 
cwsubscribe.com  right  now.  Then  explore  the  rich 
array  of  IT  resources  at  Computerworld.com.  That 
way  you’re  sure  to  get  both  sides  of  every  story. 
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Users  Get  Going 
On  SP2  Rollouts 


Corporate  deployments  of  XP  security  update 
widen,  but  IT  execs  cite  lengthy  app  testing 


BY  CAROL  SLIWA 


Many  corporate  users  dragged 
their  feet  in  testing  beta  ver¬ 
sions  of  the  security-focused 
Service  Pack  2  update  for  Win¬ 
dows  XP  and  still  had  plenty 
of  application  compatibility 
testing  to  do  when  Microsoft 
Corp.  released  SP2  last  August. 

But  a  random  poll  of 
IT  managers  conducted 
by  Computerworld  last 
week,  plus  anecdotal 
evidence  from  industry 
analysts,  indicates  that 
far  more  companies  are 


Microsoft  details 
its  packaging, 
pricing  for  SQL 
Server  2005. 
PAGES 


making  significant  headway  in 
deploying  SP2  or  are  prepar¬ 
ing  to  do  so. 

Twenty-three  of  the  30 
users  who  responded  to  the 
e-mail  poll  said  they  have 
started  to  deploy  or  have  in¬ 
stalled  SP2  on  existing  ma¬ 
chines,  are  rolling  it  out  on 
replacement  and  new 
PCs,  or  are  finishing 
testing  and  planning 
work  that  will  enable 
them  to  install  SP2  in 
the  coming  months. 
Testing  SP2,  page  47 


Municipal  CIOs,  such  as 
Philadelphia’s  Dianah 
Neff,  are  turning  IT  into 
a  high-profile,  revenue- 
producing  operation. 

By  matt  Hamblen.  PAGE  35 
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THE  COST  OF 


SPECIAL 

REPORT 


Changes  are  coming  to  the  contro¬ 
versial  visa  program.  But  don’t  ex¬ 
pect  the  debate  over  whether  the 
program  is  good  for  the  economy  -  or  costs  U.S. 
workers  their  jobs  -  to  end  anytime  soon.  Patrick 
Thibodeau  reports.  STORIES  BEGIN  ON  PAGE  4. 


AVERAGE  WAGE  FOR  H-1B  WORKERS  IN 
COMPUTER  SYSTEM  TECHNICAL  SUPPORT  JOBS 
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JOB? 


Author  N.  Sivakumar  says 
he  didn’t,  “When  I  was 
hired,  nobody  was  laid 
off.” 
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ONUNE  EXTRA 


Computerworld  scoured  three 
years  of  data  to  find  out  how 
much  newly  hired  H-1B  workers 
were  paid.  Use  our  interactive 
tool  to  learn  more.  0  a5100 


SOURCE:  U.S.  DEPARTMENT  OF  LABOR 
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aines  Give 
New  Tool 


Malicious  coders  use 
Google,  other  sites  to 
find  IT  flaws  on  Web 


BY  JAIKUMAR  VIJAYAN 

The  growing  use  of  search 
engines  to  spread  worms  or 
find  vulnerable  IT  targets 
poses  a  threat  to  companies 
that  aren’t  careful  about  the 
data  they  make  available  on 
the  Web,  IT  managers  and 
analysts  said  last  week. 

The  cautionary  note  fol¬ 
lows  the  Feb.  17  release  of  a 


new  variant  of  the  MyDoom 
mass-mailing  worm,  which 
was  programmed  to  spread 
itself  by  harvesting  e-mail 
addresses  from  search  en¬ 
gines  such  as  Google,  Alta¬ 
Vista  and  Lycos. 

“The  ability  of  search  en¬ 
gines  to  discover  a  lot  of  in¬ 
formation  that  was  not  nec¬ 
essarily  hidden  but  was 
a  lot  less  available  pre¬ 
viously  is  scary,”  said 
Matt  Kesner,  chief 
technology  officer  at 
Mountain  View,  Calif.- 


based  law  firm  Fenwick  & 
West  LLP. 

The  latest  worm  was  simi¬ 
lar  to  MyDoom-O,  an  earlier 
variant  that  flooded  search 
engines  with  automated 
e-mail  address  search  re¬ 
quests  last  July  —  briefly 
disrupting  the  availability 
of  Google  Inc.’s  Web  site. 

In  addition,  in  December  a 
worm  called  Sanity  used 
Google  to  identify  and  attack 
vulnerable  systems  by  look¬ 
ing  for  specific  text  on  Web 
sites  powered  by  an  open- 
source  bulletin  board 
HO i ill i> ! HI  application. 

The  appearance  of 
such  worms  indicates 
that  “Google  hacking” 
Hackers ,  page  16 
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Make  a  name  for  yourself 
with  Windows  Server  System 


Microsoft 


Your  potential.  Our  passion. ' 

Microsoft 

"We  have  3,000  PCs  based  everywhere  from 
Argentina  to  Vietnam,  and  now  our  team  can 
update  them  all  from  headquarters." 

Viktor  Portmann 

Project  Manager,  Department  of  Foreign  Affairs,  Switzerland 


Microsoft  Windows  Server  System  makes  it  easier  for 
Switzerland's  Federal  Department  of  Foreign  Affairs 
(DFA)  to  manage  the  infrastructure  serving  their 
embassies  and  consulates  in  156  countries.  Here's 
how:  By  using  Systems  Management  Server  2003 
and  Microsoft  Operations  Manager  2005,  DFA  can 
automatically  update  its  500  remote  servers  from  a 
central  location,  saving  over  $600,000  in  travel 
expenses  alone  in  the  past  year.  They've  also  been 
able  to  reduce  the  time  and  cost  of  maintenance, 
boost  user  productivity,  and  find  the  time  to  better 
prepare  for  expansion.  Software  that's  easier  to 
manage  is  software  that  helps  you  do  more  with 
less.  To  get  the  full  DFA  story  or  to  find  a  Microsoft 
Certified  Partner,  go  to  microsoft.com/wssystem 


Windows  Server  System'”  includes: 


Server  Platform 

Windows  Server 

Virtualization 

Virtual  Server 

Data  Management  &  Analysis 

SQL  Server  ” 

Communications 

Exchange  Server 

Portals  &  Collaboration 

Office  SharePoinf  Portal  Server 

Integration 

BizTalk'  Server 

Management 

Systems  Management  Server 

Microsoft’  Operations  Manager 

Security 

Internet  Security  &  Acceleration  Server 

Plus  other  software  products 


Mr.  500  Servers 
in  156  Countries 
Managed  from 
1  Location 


Department  of 
Foreign  Affairs, 
Switzerland 
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For  just  pennies  a  page,  the  versatile 
Xerox  WorkCentre*  Pro  2128  delivers  rich  1200  x  1200  dpi 
color  prints,  plus  advanced  multi-function  performance 
Xerox  Color.  It  makes  business  sense. 


'Ilie  remarkable  Xerox  WorkCentre  Pro  2128  gives  you  an 
affordable  way  to  add  brilliant  color  and  an  impressive  set 
of  valuable  features  to  any  office.  This  advanced  digital 
system  can  print,  copy,  scan,  e-mail  or  fax  simultaneously, 
even  when  other  jobs  are  running.  It  also  scans  hard 
copy  directly  to  e-mail,  improving  productivity.  Walk-up 


simplicity  means  easy  access  to  razor  sharp  28  ppm 
black-and-white  and  21  ppm  quality  color  documents.  And 
it  consolidates  all  these  functions  without  compromising 
reliability.  To  learn  more,  see  our  full  line  of  multi¬ 
function  systems,  digital  copiers  and  award-winning 
color  printers.  It  makes  perfect  sense  for  any  business. 
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Print  Copy  Scan  Fax  E-mail 

Xerox  WorkCentre  Pro  2128 


XEROX 


ieeroK.com/offfice/24 

1-800-ASK-XEROX  ext.  24 


Technology  Document  Management  Consulting  Services 


©  2005  XEROX  CORPORATION.  All  rights  reserved.  XEROXf  WorkCentre*  and  Xerox  Color.  It  makes  business  sense  are  trademarks  of  XEROX  CORPORATION  in  the  United  States  and/or  other  countries. 


The  Business  Case  for  Linux 

In  this  week’s  Management  section: 

Building  a  formal  business  case  for 
Linux  is  becoming  increasingly  impor¬ 
tant  as  more  companies  consider  the 
open-source  operating  system  for 
mission-critical  applications.  Page  38 


In  Business  to  Stay 

In  this  week’s  Technology  section:  Apple 
remains  a  strong  player  in  the  graphics 
and  digital-media  production  markets. 
And  now  the  company  is  becoming  an 
option  for  everyday  server  chores  inside 
the  data  center.  Page  25 
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THE  COST  OF  H-1BS 

As  an  extra  20,000  visas  become 
available,  the  debate  continues 
over  whether  the  H-1B  program 
hurts  the  wages  and  job 
security  of  U.S.  IT  workers. 


8  81  tools  are  gaining  a  place 

in  enterprise  projects  ranging 
from  large-scale  deployments 
to  data  for  decision  support. 

8  Microsoft  details  its  packag¬ 
ing  and  pricing  plans  for  SQL 
Server  2005,  which  is  due  to 
ship  this  summer  —  finally. 

12  Hewlett-Packard  plans  to 

integrate  its  Systems  Insight 
Manager  with  a  storage  man¬ 
agement  tool  from  AppIQ. 

12  UPS  slows  down  its  rollout  of 

a  new  package-flow  system. 

14  Global  Dispatches:  Singapore’s 
government  announces  an 
ambitious  cybersecurity  plan. 

14  Q&A:  U.S.  Rep.  Tom  Davis 

says  federal  agencies  could 
face  more  IT  security  man¬ 
dates  if  they  don’t  better 
protect  their  systems. 

16  A  battle  over  source-code 

ownership  added  more  than 
$10  million  to  the  cost  of 
Boston’s  “Big  Dig”  project. 

21  The  theft  of  personal  data 

from  ChoicePoint  leads  to 
calls  for  a  national  identity 
protection  law. 


28  Future  Watch:  Computation 
Comes  to  Life.  Researchers 
are  trying  to  turn  cells 
into  living  computers  with 
programmable  DNA  and 
biochemical  memories. 

30  Q&A:  The  Greening  of  Busi¬ 
ness  Apps.  Satya  Nadella, 
head  of  Microsoft’s  initiative 
to  rearchitect  business  appli¬ 
cations  under  a  service- 
oriented  model,  discusses 
Project  Green  and  what  users 
need  in  business  applications. 

32  Endgame  for  Tru64.  Users 
have  no  choice  but  to  plot  a 
road  map  away  from  Hewlett- 
Packard’s  Tru64  Unix  system. 
They  might  move  to  HP-UX 
or  explore  other  options. 

MANAGEMENT 

35  Political  Animals.  Politically 
savvy  municipal  CIOs  are 
using  hot  new  technologies 
to  turn  IT  from  a  cost  center 
into  a  high-profile  revenue 
producer. 

40  New  Project  Perils.  Just  when 
you  think  you’ve  got  project 
management  under  control, 
fallout  from  new  government 
regulations  like  the  Sarbanes- 
Oxley  Act  can  blow  up  your 
budget  and  your  deadline. 

41  Career  Watch.  CIO  John 

Campbell  answers  a  reader’s 
question  about  project  man¬ 
agement  skills.  Plus,  there’s 
more  bad  news  on  IT  salaries; 
and  a  look  at  some  offshoring 
numbers. 


6  On  the  Mark:  Mark  Hall 

reports  on  the  boost  Mercury 
Interactive  and  its  app  stress¬ 
testing  tool  are  getting  from 
its  relationship  with  SAP. 

22  Don  Tennant  outlines  his 
philosophy  that  engagement 
with  China  is  the  best  way  to 
ensure  that  changes  come  to 
that  country. 

22  David  Moschella  thinks  the 
Federal  Communications 
Commission  should  declare 
“mission  accomplished.” 

23  Jerrold  M.  Grochow  cautions 
that  organizations  that  rely 
on  firewalls  often  ignore 

the  implementation  of  other 
security  mechanisms. 

34  Douglas  Schweitzer  has  ad¬ 
vice  on  choosing  between  pas¬ 
sive  and  active  vulnerability 
monitoring:  Use  both. 

42  George  Tillmann  concedes 
that  the  IT  of  cables  and  sili¬ 
con  is  running  out  of  steam, 
but  the  IT  of  ideas  is  another 
story. 

48  Frankly  Speaking:  Frank 

Hayes  says  you  should  stop 
laughing  at  Paris  Hilton. 

Your  users’  cell  phones 
can  be  hacked  just  as  easily 
as  hers  was. 
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Different  Shades  of  Grid 

HARDWARE:  Three  early  adopters  talk  to 
columnist  Ian  Foster  about  the  benefits, 
challenges  and  payback  of  large-scale  enter¬ 
prise  grids.  ©  QuickLink  52768 

Thwart  Common 
Web  Vulnerabilities 

WEB  SITE  MANAGEMENT:  IT  manager  Susan 
Kennedy  details  the  main  risks  of  Web  appli¬ 
cations  and  explains  how  to  mitigate  them. 

©  QuickLink  52783 

U.S.  Should  Welcome 
EU  Privacy  Drive 

OPINION:  U.S.  companies  should  thank  the 
Europeans  for  their  push  toward  short, 
multilayered  privacy  policies  that  people 
will  actually  read,  says  business  privacy 
expert  Jay  Cline.  ©  QuickLink  52731 

Avoid  Job  Search  Blunders 

CAREERS:  Technology  has  radically  changed 
the  way  people  seek  employment.  Robert 
Half  Technology’s  Katherine  Spencer  Lee 
offers  some  suggestions  for  making  those 
tools  work  for  you.  ©  QuickLink  52277 


Coping  With  Change 

IT  MANAGEMENT:  Dealing  with  the  effects 
of  change  on  employees  was  a  pillar  of  one 
AAA  chapter’s  enterprise  portfolio  manage¬ 
ment  program.  ©  QuickLink  51741 


What’s  a  QuickLink? 

O  Throughout  each  issue  of 
Compuierworld,  you’ll 
see  five-digit  QuickLink  codes 
pointing  to  related  content  on 
our  Web  site.  Also,  at  the  end  of 
each  story,  a  QuickLink  to  that 
story  online  facilitates  sharing  it 
with  colleagues.  Just  enter  any 
of  those  codes  into  the  Quick¬ 
Link  box,  which  is  at  the  top  of 
every  page  on  our  site. 
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BY  PATRICK  THIBODEAU 

Next  week,  the  U.S.  govern¬ 
ment  will  begin  accepting 
H-1B  applications  from  compa¬ 
nies  that  want  to  take  advan¬ 
tage  of  an  increase  in  the  fiscal 
2005  visa  cap  to  hire  foreign 
workers  who  have  advanced 
degrees  from  U.S.  universities. 

Up  to  20,000  new  H-1B  visa 
slots  are  becoming  available. 
Opponents  of  the  cap  increase 
say  the  graduates  being 
hired  will  take  jobs 
from  U.S.  workers,  in¬ 
cluding  IT  staffers.  Sup¬ 
porters  argue  that  foreign 
workers  are  important  to  the 
country’s  economic  health.  At 
the  core  of  the  debate  lies  a 
question  that’s  likely  to  re- 
emerge  as  the  application 
process  begins  again:  Do  H-1B 
visa  holders  help  or  hurt  the 
U.S.  workforce? 


SPECIAL 

REPORT 


A  Computerworld  analysis 
of  wage  data  from  approxi¬ 
mately  290,000  H-1B  applica¬ 
tions  filed  with  the  U.S.  De¬ 
partment  of  Labor  shows  that 
H-1B  salaries  declined  across 
the  board  between  the  2001 
and  2003  federal  fiscal  years  in 
a  number  of  IT  job  categories. 
They  include  programming, 
systems  analysis,  networking, 
end-user  support  and  quality 
assurance.  The  wage  decline 
mirrored  what  was  happening 
to  the  pay  of  U.S.  IT  workers 
—  at  least  until  2003,  when  the 
salary  trends  diverged,  ac¬ 
cording  to  research  firm  Foote 
Partners  LLC. 

The  government’s  Labor 
Condition  Application  data¬ 
base  provides  data  only  on 
new  H-1B  visa  applicants  and 
visa  holders  seeking  a  change 
of  status.  In  addition,  the  La- 


b 


bor  Department  lumps  the  in¬ 
formation  into  job  categories 
that  don’t  easily  match  with 
jobs  in  the  private  sector. 
Moreover,  the  government 
doesn’t  track  visa  holders  and 
doesn’t  know  the  rate  at  which 
H-1B  visa  holders  lost  jobs  in 
proportion  to  U.S.  workers. 

But  David  Foote,  president 
and  chief  research  officer  at 
Foote  Partners,  said  there  was 
a  split  in  2003:  The  salaries  of 
U.S.  workers  increased,  while 
H-1B  wages  continued  down¬ 
ward.  That  finding  comes 
from  comparing  the  H-1B  data 
compiled  by  Computerworld 
and  processed  by  Eastland 
Data  Systems  Inc.  with  salary 
information  that  New  Canaan, 
Conn.-based  Foote  Partners 
collected  through  surveys  of 
about  46,000  private-sector 
and  government  IT  profes¬ 
sionals. 

In  the  category  covering 
data  communications  and  net¬ 
working  jobs,  for  instance, 

U.S.  salaries  rose  6.2%  in  fiscal 
2003,  Foote  said.  H-1B  salaries 
declined  2%  during  that  peri¬ 
od,  according  to  the  Labor  De¬ 
partment  data.  Foote  said  U.S. 
salaries  in  other  IT  job  cate¬ 
gories  grew  at  rates  ranging 
from  1.5%  to  more  than  6%, 
while  H-1B  salaries  saw  de¬ 
clines  of  1%  to  5%. 

In  2003,  “the  economic  re¬ 
covery  began  in  earnest,” 

Foote  said.  Salaries  for  U.S. 
workers  increased  because 


IT  WAGE  DATA  2001-2003 


JOB 

FY  2001 

FY  2002 

FY  2003 

%  CHANGE 

% CHANGE 

%  CHANGE 

%  CHANGE 

CODE 

AVERAGE 

AVERAGE 

AVERAGE 

’01-’02 

’01-’02 

’02-’03 

’02-’03 

H-1B 

H-1B 

H-1B 

H-1B 

U.S.  IT 

H-1B 

U.S.  IT 

030 

$60,357 

. . 

$60,554 

$59,701 

Hi :  f'3 

031 

032 

033 

039 


$60,234 

$53,024 

A .  ^  ■?'  \  1 

$58,933 


$57,041 

$48,062  $46,882 


$56,136 


$66,763  $64,883  $64,247 


NOTES: 

The  H-1B  data  includes  information  only  on 
new  visa  applicants.  It  doesn't  include  wage 
information  on  all  H-1B  visa  workers  in  the 
U.S.  at  that  time. 

The  U.S.  IT  data  comes  from  Foote  Partners 
LLC  in  New  Canaan.  Conn.,  which  matched , 
its  own  salary  survey  data  on  about  46,000 
IT  professionals  against  the  government  data. 


JOB  CQQE  GUIDE 

030:  Software  engineer,  computer  pro¬ 
grammer,  programmer  analyst,  engineer 
and  scientific  programmer,  systems  pro¬ 
grammer,  chief  computer  programmer, 
systems  analyst 

031:  Network  control  operators  supervisor, 
data  communications  analyst,  network 
control  operator 


032:  User  support  analyst  supervisor,  user 
support  analyst 

033:  Computer  security  coordinator,  data 
recovery  planner,  technical  support  specialist, 
computer  systems  hardware  analyst,  quality 
assurance  analyst,  computer  security  specialist 

039:  Database  administrator,  database 
design  analyst,  microcomputer  support 
specialist 
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H-IBs  Help  U.S. 
Economy,  Says 
Book  Author 


N.  Sivakumar  s  book,  Dude, 

Did  I  Steal  Your  Job?  Debugging 
Indian  Computer  Programmers 
(Divine  Tree,  2004)  is  an 
account  of  his  experiences  as 
an  H-1B  worker  in  the  U.S.  The 
book  offers  an  inside  look  at  the 
visa  program  and  lays  out  a  case 
for  its  use  by  employers.  In  an 
interview  with  Computerworld, 
Sivakumar  discussed  the  issues 
raised  in  his  book. 


The  first  part  of  your  book 
title  is  very  in-your-face. 


companies  were  trying  to  hold 
on  to  IT  staffers  who  hadn’t 
been  laid  off  during  the  tech¬ 
nology  spending  downturn,  he 
noted.  Meanwhile,  offshore 
outsourcing  increased,  as  did 
the  use  of  contract  companies 
that  rely  on  H-1B  visa  workers. 

Because  clients  didn’t  want 
contract-labor  costs  to  eat  into 
their  offshore  savings,  con¬ 
tractors  had  to  be  competitive, 
according  to  Foote.  “If  they 
can’t  convince  the  client  of 
theirs  to  pay  more  for  the  tal¬ 
ent,  then  they  just  have  to  get 
the  talent  cheaper,”  he  said. 

The  fight  over  H-1B  visas  ul¬ 
timately  revolves  around  the 
opinions  and  experiences  of 
IT  managers  and  workers. 

Jesus  Arriaga,  CIO  at  Key¬ 
stone  Automotive  Industries 
Inc.,  an  auto  parts  distributor 
in  Pomona,  Calif.,  is  among 
those  questioning  the  need  for 
more  H-1B  visas.  In  prior  jobs 
in  California  in  the  late  1990s, 
he  worked  at  companies  that 
used  H-1B  workers,  who  were 
typically  paid  less  than  their 
U.S.  counterparts.  “It’s  just 
like  offshoring,”  he  said. 
“You’re  probably  going  to  get 
similar  skills  at  a  lesser  cost.” 

Nonetheless,  Arriaga  said 
that  at  Keystone,  he’s  more  in¬ 
terested  in  hiring  U.S.  work¬ 
ers,  “especially  when  you  have 
colleagues  that  have  not  found 
work.”  When  U.S.  workers 
“get  bypassed  because  other 
foreign  workers  are  coming  in 
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What  are  you  trying  to  accom¬ 
plish  with  that?  A  lot  of  people 
think  that  people  like  me  came  here 
and  stole  the  jobs.  People  really 
never  talk  about  the  benefits  that 
H-1B  visa  holders  brought  to  this 
economy.  The  book  is  about  Indian 
programmers  and  the  nature  of  the 
visa  holders.  It’s  about  abuse  from 
the  other  side  -  abuse  that  nobody 
wants  to  talk  about  in  public. 

What  abuse  did  you  face?  I  nev¬ 
er  faced  anything  personally.  But 
whenever  I  go  online,  I  see  a  lot  of 
hatred.  That’s  what  troubles  me. 
Also,  if  you  look  at  programs  like 
CNN’s  Lou  Dobbs,  he . . .  never 
talks  about  the  benefit  these  folks 
bring  to  the  economy. 


Opponents  believe  H-1B  visa 
holders  are  being  used  to  push 
down  the  wages  of  U.S.  IT 
workers.  What’s  your  view? 

I  agree  with  that.  "Body  shops” 
abuse  H-1B  visa  users  -  they  bring 
in  people  for  very  low  cost.  But  not 
all  H-IBs  are  abused.  The  majority 
is  brought  in  to  fill  a  gap.  I  came 
here  as  an  electronic  de¬ 
sign  automation  program¬ 
mer.  H-1B  workers  defi¬ 
nitely  brought  the  salaries 
down,  but  they  brought 
the  right  people  in  at  the 
right  time. 

Do  major  companies  pay 
reduced  wages,  or  just 
the  body  shops?  The 


body  shops  are  the  ones  who  pay 
low.  When  I  was  hired,  I  was  paid 
exactly  the  salary  I  was  promised. 

Of  the  total  number  of  H-IBs  in 
the  U.S.,  what  percentage  do 
you  believe  work  at  IT  contrac¬ 
tors?  The  major  body  shops  em¬ 
ploy  about  10%  to  15%  of  the 
H-IBs,  but  big  companies 
like  Microsoft,  Oracle,  Cisco 
hired  the  rest  -  those  folks 
don't  abuse  them.  Those 
folks  pay  the  right  salaries 
and  give  all  the  benefits. 

Since  H-1B  holders  are 
increasing  the  supply  of 
workers,  shouldn’t 
Americans  who  can’t 


find  jobs  feel  some  resentment? 

An  H-1B  worker  should  not  replace 
an  American  worker. . . .  That’s 
ethically  wrong,  lawfully  wrong  - 
it’s  wrong  from  any  angle.  When  I 
was  hired,  nobody  was  laid  off. 

What  are  your  plans  now?  I  got 

my  green  card.  I  will  be  a  U.S.  citi¬ 
zen.  This  is  what  I  want,  the  free¬ 
dom.  But  I'm  a  programmer  first. 

I’m  not  an  author  -  my  C++  is  bet¬ 
ter  than  my  English. 

-  Patrick  Thibodeau 

MORE  ‘DUDE1 

For  an  extended  version  of  this  interview, 
go  to  our  Web  site: 

QuickLink  52816 
www.computerworld.com 


and  taking  their  jobs,  I  don’t 
think  that’s  right,”  he  said. 

Russell  Lewis,  CIO  at  GFI 
Group  Inc.,  a  New  York-based 
financial  services  firm,  has 
hired  H-1B  workers  as  full¬ 
time  employees  and  has  spon¬ 
sored  them  for  permanent  res¬ 
idency  green  cards.  Lewis  said 


that  his  goal  is  to  hire  the  best 
person  for  a  particular  job  and 
that  he  has  seen  no  savings  in 
hiring  H-1B  workers  full  time. 

“By  saying,  ‘Well,  the  H-1B 
workers  bring  a  cheaper  labor 
force  to  the  U.S.,’  typically,  our 
experience  is  that  it  doesn’t  do 
that,”  Lewis  said. 


Some  H-1B  workers  at¬ 
tribute  wage  problems  to  IT 
contractors  —  sometimes 
called  “body  shops.” 

A  Labor  Department  em¬ 
ployee  who  works  in  the  H-1B 
program  and  asked  that  his 
name  be  withheld  said  most 
complaints  concern  contrac¬ 


tors  who  either  paid  H-1B  em¬ 
ployees  below  the  prevailing 
wage  or  “benched”  them, 
meaning  they  weren’t  paid  be¬ 
tween  contracts. 

Rajiv  Dabhadkar,  a  former 
H-1B  visa  holder  and  IT  pro¬ 
grammer  who  returned  to  In¬ 
dia  last  year,  said  he  was  al¬ 
ways  paid  below  prevailing 
wage  levels  by  contractors.  In 
addition,  he  once  found  out 
that  he  wasn’t  receiving  med¬ 
ical  insurance  even  though 
there  was  a  paycheck  deduc¬ 
tion  for  the  benefit. 

“I’ve  been  really  hurt  by  the 
visa  system,”  said  Dabhadkar, 
who  formed  a  group  in  Mum¬ 
bai,  India,  called  NoStops.Org 
that  provides  call  center  sup¬ 
port  to  H-1B  and  other  tech 
workers. 

The  20,000  additional  H-1B 
visas  will  become  available  on 
March  8.  Other  changes  to  the 
H-1B  program  will  also  go  into 
effect  in  the  next  few  weeks,  in¬ 
cluding  a  revamping  of  the  gov¬ 
ernment-mandated  two-tiered 
prevailing  wage  system  under 
which  visa  holders  are  paid. 

H-1B  workers  are  supposed 
to  be  paid  a  prevailing  wage, 
based  on  state,  federal  or 
private-survey  employment 
data.  Most  companies  use 
federal  or  state  salary  data, 
according  to  immigration  at¬ 
torneys,  who  said  the  current 
system  doesn’t  give  employers 
much  flexibility  —  often  forc¬ 
ing  them  to  pay  a  wage  that  is 


Foreign  Students  Fill  Computer 
Science  Graduate  Programs 


An  argument  cited  by  H-1B 
supporters  for  raising  the  visa 
cap  stems  from  the  high  number 
of  foreign  students  -  especially 
from  China  and  India  -  who 
come  to  the  U.S.  to  study. 

Foreign  student  enrollments 
account  for  about  70%  of  the 
masters  and  Ph.D.  computer  sci¬ 
ence  students  at  Texas  Tech  Uni¬ 
versity,  according  to  John  Bor- 
relli,  dean  of  the  graduate  school 
at  the  28,000-student  university 
in  Lubbock.  Last  year,  the  num¬ 
ber  of  foreign  students  who  ap¬ 
plied  for  graduate  admissions 
was  more  than  three  times  the 
number  of  U.S.  residents  who 
did  so,  Borrelli  said. 

In  2001,  the  most  recent  year 
for  which  figures  are  available, 
foreign  students  made  up  nearly 
60%  of  graduate  enrollments 
nationwide,  according  to  the  Na¬ 
tional  Science  Foundation. 

Borrelli  said  U.S.  students 
aren’t  as  interested  in  engineer¬ 


ing  and  science  studies  as  for¬ 
eign  students  are.  “We  are  not 
preparing  our  students  out  of 
high  school  to  compete  in  the 
area  of  science  and  engineering 
very  well,"  he  said. 

Most  of  the  students  enrolled 
in  the  New  Jersey  Institute  of 
Technology’s  graduate  program 
are  foreign  nationals.  The 
Newark-based  school  has  so  far 
received  208  applications  for  ad¬ 
mission  in  computer  science 
master’s  degree  programs  next 
year,  with  about  165  of  those  ap¬ 
plications  from  foreign  students, 
said  Stephen  Seideman,  dean  of 
the  school’s  college  of  comput¬ 
ing  science.  The  foreign  students 
“will  do  everything  they  can  to 
stay  here,”  he  said. 

Typically,  foreign  graduates  of 
U.S.  universities  get  a  one-year 
training  visa  after  graduation  and 
then  seek  an  H-1B  visa. 

Rock  Regan,  former  CIO  for 
the  state  of  Connecticut,  said 


state  agencies  typically  don’t  hire 
H-1B  visa  holders  because  of  po¬ 
litical  concerns.  But  Regan  thinks 
U.S.  schools  are  “not  putting  out 
the  number  of  qualified  workers 
that  the  industry  needs.” 

Despite  the  addition  of 
20,000  more  visas  for  the  cur¬ 
rent  fiscal  year,  the  H-1B  cap  is 
still  less  than  half  of  its  195,000- 
visa  peak.  Regan  suspects  that 
the  reduced  number  of  visas  will 
encourage  offshore  outsourcing 
of  IT  jobs.  Offshoring  “will  be¬ 
come  more  of  a  reality  if  people 
can’t  get  the  talent  here  in  the 
U.S.,”  he  said. 

Opponents  see  any  increase  in 
the  number  of  visas  as  having  an 
impact  on  the  prospects  of  U.S. 
students.  Norman  Matloff,  pro¬ 
fessor  of  computer  science  at 
the  University  of  California,  Davis, 
and  a  longtime  critic  of  the  H-1B 
visa  program,  said  it’s  largely  a 
matter  of  supply  and  demand. 

The  more  H-1B  workers  there  are, 
the  less  opportunity  there  is  for 
his  students,  Matloff  said. 

-  Patrick  Thibodeau 


higher  than  an  employee’s 
skills  and  training  warrant. 

On  March  8,  the  law  will  be 
changed  to  allow  four  tiers  of 
pay  in  each  prevailing  wage 
category,  enabling  companies 
to  pay  H-1B  visa  holders  some¬ 
thing  between  the  top  and  bot¬ 
tom  levels  of  the  prevailing 
wage  scale. 

“It  has  been  a  virtual  night¬ 
mare  dealing  with  a  two-tier 
system,”  said  David  Nachman, 
an  immigration  attorney  in 
Saddle  River,  N.J.  “What  we’re 
seeing  now  is  [that]  finally  the 
Department  of  Labor  is  com¬ 
ing  to  an  understanding  of 
what  the  real  world  is.” 

But  Ron  Hira,  an  assistant 
professor  of  public  policy  at 
the  Rochester  Institute  of 
Technology  in  New  York,  said 
the  four-tier  system  “will  only 
push  wages  down  . . .  for  many 
of  those  workers  that  were 
probably  in  between  the  two 
[tiers].” 

Another  change  next  month 
requires  employers  to  pay 
100%  of  a  prevailing  wage  for 
new  and  extended  H-1B  peti¬ 
tions.  That  rate  is  now  95%  of 
the  prevailing  wage.  Also,  the 
fees  for  an  H-1B  application, 
including  the  cost  of  acceler¬ 
ated  processing,  will  rise  from 
$185  to  $3,185. 


Frida  Glucoft,  a  partner  at 
Mitchell  Silberberg  &  Knupp 
LLP  in  Los  Angeles  and  chair 
of  the  law  firm’s  immigration 
department,  said  the  prevail¬ 
ing  wage  and  application  fee 
increases  will  likely  discour¬ 
age  some  companies  from  hir¬ 
ing  H-1B  workers. 

Still,  Glucoft  expects  the 
20,000  new  visas  approved  by 
Congress  last  fall  to  be  gone  in 
a  week.  ©  52B02 
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Exec:  HP  Needs 
Gerstner  Clone 


If  Hewlett-Packard  Co.  could 
done  IBM’s  former  CEO  Lou  Ger¬ 
stner,  the  beleaguered  company 
would  have  the  ieader  it  needs 
after  Carly  Fiorina’s  ejection  as 
CEO  and  chairman  earlier  this 
month,  said  HP  Executive  Vice 
President  Mike  Winkler.  “We  want 
strong  operational  leadership  and 
hands-on  execution  capability,” 
he  said.  (For  more  details,  go  to 
our  Web  site:  QuickLink  52848.) 


IBM  Restates  2004 
Services  Revenue 

IBM  reduced  the  2004  revenue 
figure  for  its  Global  Services  unit 
by  S260  million  after  discovering 
improper  sales  of  third-party 
hardware  at  its  Japanese  unit,  the 
company  said  in  a  U.S.  Securities 
and  Exchange  Commission  filing. 

A  review  of  third-party  agreements 
discovered  that  “certain  IBM 
Japan  employees  acted  improperly 
and  inconsistently  with  IBM’s  poli¬ 
cies  and  practices,”  IBM  said. 


EDS  to  Shutter 
21  Data  Centers 

Electronic  Data  Systems  Corp. 
plans  to  close  21  data  centers  in 
an  effort  to  cut  costs.  EDS  said  it 
will  close  17  centers  in  the  U.S. 
and  four  in  Europe.  The  outsourcer 
announced  late  last  year  that  it 
planned  to  cut  15,000  to  20,000 
jobs  over  the  next  two  years. 


Qwest  Sweetens 
Its  Bid  for  MCI 

Qwest  Communications  Interna¬ 
tional  Inc.  made  a  new  bid  for  MCI 
Inc.  in  an  effort  to  lure  MCI  away 
from  rival  Verizon  Communications 
Inc.  Qwest’s  new  $8  billion  offer 
matches  its  Feb.  11  bid  but  guaran¬ 
tees  the  purchase  price  and  would 
allow  a  faster  payout  to  MCI  stock¬ 
holders  than  its  previous  bid.  MCI 
executives  have  accepted  a  S6.7 
billion  bid  from  Verizon,  but  Veri¬ 
zon’s  bid  doesn’t  guarantee  the 
purchase  price. 
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SAP  Brings  Mercury 
Into  NetWeaver’s . . . 


. . .  application  development  orbit.  According  to  Christo¬ 
pher  Lochhead,  chief  marketing  officer  at  Mercury 
Interactive  Corp.,  the  Mountain  View,  Calif.-based 
company’s  LoadRunner  application  stress-testing 
tool  should  be  fully  integrated  into  SAP  AG’s  Net- 


Weaver  application  develop¬ 
ment  and  integration  suite  by 
Q2.  That  means  programmers 
working  with  NetWeaver  will 
get  to  run  LoadRunner’s  tests, 
at  no  extra  cost,  to  determine 
how  well  their  applications 
will  perform  under  ever- 
increasing  workloads. 
Although  SAP  paid 
Mercury  to  port  Load- 
Runner  to  NetWeaver, 
Lochhead  insists  this 
isn’t  simply  work  for 
hire.  He  expects  the 
deal  to  increase  adop¬ 
tion  of  NetWeaver 
and  Mercury’s  other 
testing  tools.  Mercury 
saw  a  144%  increase  in 
sales  of  its  J2EE  appli¬ 
cation-testing  software  last 
year,  Lochhead  claims.  Most 
of  the  sales  were  for  IBM’s 
WebSphere  and  BEA  Systems 
Inc.’s  WebLogic  product 
lines.  But,  he  says,  NetWeaver 
is  gaining  ground. 

Sort  through  millions 
of  security  events . . . 

. . .  daily  in  a  flash  while  keeping 
an  eye  on  compliance  issues.  So 


promises  Rani  Merritt,  senior 
vice  president  at  ArcSight 
Inc.  in  Cupertino,  Calif.  She 
claims  that  ArcSight’s  Enter¬ 
prise  Security  Manager  soft¬ 
ware  can  sift  through  more 
than  100  million  security 
alerts  from  network  devices 
in  a  single  day  and,  in  real 
time,  determine 
which  alarms  you 
need  to  care  about. 
Later  this  year,  the 
company  will  deliver 
prepackaged  agents 
for  Oracle  Financials 
to  help  users  oversee 
their  adherence  to 
regulations.  For  ex¬ 
ample,  ArcSight  plans 
to  ship  in  May  an 
agent  designed  to  help  health 
care  providers  stay  in  line 
with  the  data  privacy  man¬ 
dates  of  the  Health  Insurance 
Portability  and  Accountabil¬ 
ity  Act.  In  Q3,  it  plans  to  add 
an  agent  that  supports  com¬ 
pliance  with  the  Sarbanes- 
Oxley  Act.  Merritt  also  hinted 
at  another  possible  ArcSight 
event  in  2005  —  the  compa¬ 
ny’s  initial  public  offering. 


Bookmark  an  IT 
tool  kit  in  your . . . 

. . .  browser  by  adding  Informa¬ 
tion  Technology  Toolbox  Inc.’s 
Web  site  to  your  favorites  list. 

Dan  Morrison,  CEO  of  Scotts¬ 
dale,  Ariz.-based  ITtoolbox, 
claims  that  his  online  re¬ 
source  for  all  things  IT  is  dif¬ 
ferent  than,  say,  Computer- 
world.com  or  Google. 

For  one  thing,  he 
says,  the  blogs  and 
forums  are  written  by 
technology  practi¬ 
tioners,  not  lowly 
journalists.  And  try¬ 
ing  to  locate  good 
advice  is  less  dicey 
than  it  is  via  Google 
searches,  Morrison  claims. 
“Rather  than  help  people  find 
a  needle  in  a  haystack,  IT¬ 
toolbox  is  providing  a  stack 
of  needles,”  he  says  pithily. 
Although  with  850  discussion 
groups  active  on  the  Web 
site,  that’s  a  lot  of  needles  to 
sort  through.  Expect  ITtool¬ 
box  to  add  support  for  Wikis 
—  those  Web  pages  that  let 
anyone  contribute  thoughts 
on  a  subject.  Morrison  was 
coy  as  to  when  they  might 
appear,  but  you  should  see 
them  before  the  end  of  the 
year. 

“As  long  as  I  count 
the  votes,  what . . . 

...  are  you  going  to  do  about  it?” 

That  was  Boss  Tweed’s  ques¬ 
tion  to  those  wondering 
about  the  veracity  of  a  19th 
century  election  in  New  York. 
Today’s  Web  analytics  “ex¬ 
perts”  could  ask  the  same 
question  of  marketers,  who 
seek  objective  insights  into 
usage  data  from  their  Web 
sites.  Perhaps  the  Web  Ana¬ 
lytics  Association  (WAA)  in 
Washington  will  help.  At 


least,  the  new  industry  group 
might  bring  consistency  to 
the  methods  that  Web  traffic 
analysts  use  to  tally  their 
numbers.  For  example,  “con¬ 
versions”  aren’t  counted  the 
same  way  on  most  sites. 
Worse,  the  word  doesn’t  even 
mean  the  same  thing  on  dif¬ 
ferent  sites.  Jim  Sterns,  the 
WAA’s  president,  says  the 
group  “needs  to 
prove  itself  to  end 
users  and  overcome 
end-user  skepticism.” 
Sterns  thinks  it’s  es¬ 
sential  that  Web  ana¬ 
lytics  users  speak  the 
same  language  —  and 
count  the  same  way. 
That’s  why  the 
WAA’s  first  project  will  be 
developing  standard  defini¬ 
tions  and  methods  for  Web 
analytics.  Sterns  hopes  that 
the  bulk  of  the  work  will  be 
done  by  2006.  He  says  that 
given  the  volatile  nature  of 
both  technology  and  language, 
the  standard  definitions  “will 
be  a  live  document.”  But 
counting  methods,  one  hopes, 
will  be  written  in  stone.  You 
know,  1...2...3...6... 

Secure  your  remote 
user  access . . . 

. . .  using  Active  Directory.  Of 

course,  you’ll  need  a  third- 
party  tool,  such  as  the  secure 
messaging  appliances  from 
enKoo  Inc.  in  Fremont,  Calif., 
according  to  enKoo  CEO  Ajit 
Deora.  “Active  Directory  has 
a  very  primitive  level  of  au¬ 
thentication,”  Deora  claims. 
This  week,  enKoo  plans  to 
release  an  upgrade  that  lets 
its  appliances  use  existing  Ac¬ 
tive  Directory  lists  to  authen¬ 
ticate  users  on  SSL  VPNs  that 
the  devices  set  up.  An  enKoo 
2000  appliance  starts  at  un¬ 
der  $3,000.  ©  52789 


Upgraded  enKoo  appliances 
support  Active  Directory. 


S367M 

Forrester's 
estimate  of 
2005  Web 
analytics 
market. 


PATIENTS  NOTE 


MAKING  YOUR  FILES 
ELECTRONIC  MAKES  THEM  EASY 
TO  ACCESS  (BY  ANYONE) 


Even  if  everyone  knew  about  the  problem,  would  anyone  know  the  solution? 


As  every  aspect  of  business  migrates  to  the  Web,  sensitive  infor¬ 
mation  once  sheltered  is  now  exposed.  Because  browser-based 
applications  pass  through  the  entire  security  perimeter. 

If  that  doesn't  wrinkle  your  brow,  in  a  recent  study  70  percent  of 
companies  reported  security  intrusions,  with  an  average  of  136  annually. 

The  only  real  answer  is  a  solution  that  knows  exactly  what  your 
application's  traffic  should  look  like,  and  blocks  everything  else. 
A  comprehensive  solution  that  gives  you  complete  control  over  who 


gets  access  from  where  and  when,  that  can  actually  identify  and  fil¬ 
ter  application-level  cyber  attacks. 

It's  application  traffic  management  taken  to  the  next  level. 

Something  that  could  only  have  come  from  a  deep  understanding 
of  both  the  network  and  the  application.  Which  is  why  only  F5  can 
offer  it.  For  details  on  this  revolutionary  architecture,  including 
our  TrafficShield™  Application  Firewall  and  FirePass®  SSL  VPN, 
visit  www.f5.com/cwdoc  or  call  800-916-7166. 
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Tools  Gain  Higher 
Rank  in  Enterprises 


Dashboard  Deployments  by  Company  Size 


■  Not  considering  ■  Evaluating  ■  Implementing 
■  Using  less  than  one  year  Using  more  than  one  year 


Companies  seek  to 
provide  more  data 
to  more  users 

BY  HEATHER  HAVENSTEIN 

usiness  intelligence 
tools  are  pushing 
deeper  into  the  enter¬ 
prise  as  companies 
use  them  in  projects  ranging 
from  large-scale  user  deploy¬ 
ments  to  systems  that  supply 
key  data  to  executive  decision¬ 
makers. 

Many  companies  are  replac¬ 
ing  disparate  reporting  tools 
with  enterprisewide  technol¬ 
ogy  while  adding  corporate 
performance  management 
(CPM)  software  to  boost  the 
visibility  of  transactional  data. 

For  instance,  the  University 
of  North  Carolina  system, 
which  consists  of  16  public  ed¬ 
ucational  institutions,  chose 
Information  Builders  Inc.’s 
WebFocus  technology  for  en¬ 
terprise  reporting  that  will 
eventually  be  used  by  more 
than  200,000  users. 

Chapel  Hill,  N.C.-based 
UNC  has  completed  30%  of  a 
project  launched  in  September 
to  replace  several  different 
tools,  including  Crystal  Re¬ 
ports  from  Business  Objects 
SA,  on  its  various  campuses, 
said  Vijay  Verma,  UNC’s  asso¬ 
ciate  vice  president  for  infor¬ 
mation  resources  and  associ¬ 
ate  CIO. 

Vendors  Respond 

Meanwhile,  vendors  are  mov¬ 
ing  to  meet  user  demands  for 
new  BI  tools  that  can  link  dis¬ 
parate  sources  of  performance 
data. 

Hyperion  Solutions  Corp. 
this  week  will  unveil  its  Com¬ 
pliance  Management  Dash¬ 
board,  which  marries  internal 
control  data  with  financial 
data  to  help  companies  track 
compliance  with  the  Sarbanes- 
Oxley  Act.  The  new  dash¬ 
board  will  accompany  the 


unveiling  of  a  new  version 
of  Hyperion’s  performance 
management  offering. 

Earlier  this  month,  Actuate 
Corp.  rolled  out  the  Actuate 
Financial  Performance  Man¬ 
agement  Suite. 

Spectra-Physics  Inc.,  a 
Mountain  View,  Calif.-based 
manufacturer  of  laser  systems, 
has  been  using  an  earlier  ver¬ 
sion  of  Hyperion’s  perfor¬ 
mance  suite  to  integrate  in¬ 
ventory  data  from  multiple 
systems  into  dashboards. 

“The  [dashboard]  applica¬ 
tion  provides  summary  and 
detail-level  visibility  to  inven¬ 
tory  worldwide,”  said  Mark 
Rowell,  Spectra’s  IT  director. 

Toronto-based  Labatt  Brew- 


BY  MARC  L.  SONGINI 

Microsoft  Corp.  last  week 
took  the  wraps  off  its  next- 
generation  SQL  Server  2005 
database  lineup. 

The  SQL  Server  2005  family, 
code-named  Yukon,  includes 
four  editions  —  Enterprise, 
Standard,  Workgroup  and  Ex¬ 
press  —  priced  at  up  to  25% 
more  than  comparable  offer¬ 
ings  in  the  older  SQL  Server 
2000  line.  The  new  systems 
will  ship  this  summer. 

A  Microsoft  spokeswoman 
said  the  price  increases  can  be 
traced  to  new  features  in  the 
offerings  and  contended  that 
the  products  carry  lower  price 
tags  than  similar  ones  from  ri¬ 
vals  IBM  and  Oracle  Corp. 

Moreover,  Microsoft  point¬ 
ed  out  that  it  offers  multicore 
processing  licenses,  or  per- 
processor  charges,  that  cut 
price/performance  costs. 

In  addition,  SQL  Server 
2005  will  allow  users  to  ex¬ 
ploit  passive  fail-over  capabili¬ 
ty  at  no  extra  charge,  the  com¬ 
pany  said. 

At  the  high  end  of  the  new 


eries  of  Canada  is  deploying 
CPM  tools  from  Ottawa-based 
Cognos  Inc.  to  give  sales,  mar¬ 
keting  and  finance  organiza¬ 
tions  across  the  country  ac¬ 
cess  to  data  pulled  from  11  sys¬ 
tems  and  74  transaction  sets. 
The  company  went  live  with 
the  first  phase  of  its  deploy¬ 
ment  in  October,  said  Michael 
Ali,  Labatt’s  enterprise  BI 
manager. 

“We  are  trying  to  drive  tar¬ 
geted  performance  manage¬ 
ment  —  getting  everybody 
looking  at  the  same  things  . . . 
throughout  the  chain  of  com¬ 
mand,  down  to  the  territory 
manager,”  Ali  said. 

Blue  Cross  and  Blue  Shield 
of  Kansas  City  in  Missouri 


lineup,  the  SQL  Server  Enter¬ 
prise  product  includes  busi¬ 
ness  intelligence,  data  mirror¬ 
ing  and  other  advanced  capa¬ 
bilities,  the  company  said. 
These  features  will  let  users 
buy  for  one  price  —  $24,999  — 
a  full-featured  database  with- 


SQL  Server 
2005  Lineup 

■  EXPRESS  EDITION: 

Includes  simple  management 
capabilities. 

Pricing:  Available  at  no  charge 

■  WORKGROUP  EDITION: 

Includes  support  for  backup  log 
shipping. 

Pricing:  $3,899  per  processor 

■  STANDARD  EDITION: 

Features  fail-over  clustering 
and  reporting  tools. 

Pricing:  $5,999  per  processor 

■  ENTERPRISE  EDITION: 

Includes  advanced  business 
intelligence  tools  and  data- 
mirroring  capabilities. 

Pricing:  $24,999  per  processor 


next  month  will  migrate  to 
the  Business  Objects  XI  BI 
and  performance  management 
platform  to  replace  four  re¬ 
porting  products  for  275  users, 
said  BI  architect  Erik  Brokaw. 

The  health  care  organiza¬ 
tion  expects  the  system  to 


out  having  to  purchase  multi¬ 
ple  add-on  products,  said  Tom 
Rizzo,  director  of  product 
management  for  SQL  Server. 

In  addition  to  the  advanced 
data-mirroring  capabilities,  a 
snapshot  feature  lets  the  data¬ 
base  constantly  create  snap¬ 
shots  of  its  configuration  and 
thus  report  any  changes  to  its 
backup  system,  Rizzo  said. 
Managers  can  also  create  vir¬ 
tual  partitions  within  the  ap¬ 
plication,  he  said. 

Immediate  Gains 

The  reporting  capabilities  in 
the  Enterprise  edition  have 
already  allowed  users  at  beta- 
tester  Summit  Partners  to  re¬ 
tire  older  analytical  tools,  said 
Damien  Georges,  manager  of 
database  applications  at  the 
Boston-based  private  equity 
firm.  The  new  SQL  Server  re¬ 
placed  a  mixed  system  built 
around  Microsoft  Access  and 
software  from  Actuate  Corp. 
and  Crystal  Decisions  Inc.,  he 
said. 

The  package  boosted  per¬ 
formance  times  while  cutting 


support  as  many  as  450  users 
by  the  end  of  March. 

Blue  Cross  and  Blue  Shield 
of  Kansas  City  will  also  use 
Business  Objects’  CPM  tools 
to  begin  giving  executives  ac¬ 
cess  to  consolidated  analytics 
via  dashboards.  ©  52827 


software  costs  by  more  than 
$100,000  because  SQL  report¬ 
ing  costs  are  already  bundled 
into  the  existing  license, 
Georges  said. 

In  March,  Summit  plans  to 
upgrade  a  SQL  Server  2000 
system  that  powers  its  Siebel 
Systems  Inc.  CRM  application 
to  SQL  Server  2005.  The  com¬ 
pany  wants  to  change  to  the 
Enterprise  or  Standard  edition 
to  enable  it  to  implement  a 
disaster  recovery  plan  that 
includes  database  mirroring 
to  a  redundant  server. 

In  addition  to  SQL  Server 
2005  offerings,  Microsoft  also 
released  a  new  SQL  Server 
2000  Workgroup  Edition  with 
the  same  capabilities  as  its 
SQL  Server  2005  counterpart 
but  based  on  the  older  sys¬ 
tem’s  functionality.  That  ver¬ 
sion  will  ship  by  midyear. 

Mainstream  support  for 
SQL  Server  2000-based  offer¬ 
ings  will  end  two  years  after 
SQL  Server  2005  ships.  Ex¬ 
tended  support  will  end  five 
years  thereafter,  Microsoft 
said.  ©  52821 


Microsoft  Unveils  SQL  Server  2005  Offerings 
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Oracle  Grid 


All  Your  Databases 


^  No  wasted  capacity 

No  wasted  money 

*' 

^  No  single  point  of  failure 

Oracle  Grid 

It's  fast...  it's  cheap... 
and  it  never  breaks 

j 

ORACLG" 

.  -  :  :  r.' :1 

'  '  £■■  j 

oracle.com/grid 
or  call  1.800.633.0753 

Note:  'Never  breaks'  indicates  that  when  a  server  goes  down,  your  system  keeps  on  running. 


Copyright  ©  2005,  Oracle.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates. 
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How  did  80%  of  information 
become  100%  useless? 

What  if  information  could  find  its  way  in  and  out  of 
databases,  all  on  its  very  own?  With  the  Adobe 
Intelligent  Document  Platform,  it's  possible.  When  you 
combine  the  logic  of  XML  and  Adobe  PDF,  suddenly 
documents  are  smarter.  Unstructured  content  unifies  with 
structured  data.  And  information  intuitively  travels  where 
it's  needed,  safely  and  securely.  It's  simplicity  at  work. 
The  Intelligent  Document  Platform.  Better  by  Adobe: 


See  how  smarter  documents  are  working  for  other  companies  at  adobe.com/idp. 


Adobe 


Adobe  Intelligent  Document  Platform 
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BEA  FinaSly  Joins 
Eciipse  Foundation 


BEA  Systems  Inc.  said  it  will  join 
the  Eciipse  Foundation  for  open- 
source  development  tools  and 
base  its  integrated  development 
environment  around  the  Eclipse 
standard.  BEA’s  membership  rep¬ 
resents  a  turnabout  for  the  com¬ 
pany,  which  had  long  been  a  hold¬ 
out.  BEA  cited  in  its  decision 
IBM’s  divestiture  of  Eclipse  and  its 
market  victory  over  the  rival  Net- 
Beans  open-source  tools  initiative 
led  by  Sun  Microsystems  Inc. 


Sonoma  Demand 
Outstrips  Supply 

Intel  Corp.  has  been  unable  to 
keep  up  with  demand  for  Sonoma, 
the  notebook  technology  it  intro¬ 
duced  in  January,  a  spokeswoman 
confirmed.  “As  a  result  of  strong 
demand,  we  are  somewhat  lean 
on  Sonoma  component  inventory,” 
she  said.  Sonoma,  the  latest  up¬ 
date  to  Intel’s  Centrino  package, 
includes  the  Pentium  M  processor, 
the  Alviso  chip  set  and  the  Intel 
Pro/Wireless  chip  for  802.11  Wi-Fi. 


Microsoft  Buys 
Axapta  Tool  Kit 

Microsoft  Corp.  has  purchased 
from  one  of  its  partners  a  tool  kit 
intended  to  simplify  deployment 
of  its  Axapta  software  for  manag¬ 
ing  finances,  supply  chains,  em¬ 
ployees  and  other  business  re¬ 
sources.  Microsoft  bought  the 
ERP  Complete  tool  kit  from 
En'tegrate  Software  LLC.  Terms 
of  the  sale  weren’t  disclosed. 


Hitachi  Cuts  Price 
Tag  for  Microdrive 

Hitachi  Global  Storage  Technolo¬ 
gies  Inc.  has  started  shipping  a 
new  version  of  its  1-in.  Microdrive 
hard  disk  drive,  which  can  hold 
50%  more  data  than  its  current 
highest-capacity  model.  The  6GB 
version  of  the  drive  costs  $299, 
compared  with  the  $499  price 
of  past  Microdrive  products.  The 
company  is  also  lowering  the  price 
of  its  4GB  Microdrive  to  $199. 
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HP  to  Integrate  AppIQ  Sui  te 
Into  Storage  Management 


Will  repackage  resource  manager  as 
Storage  Essentials  SRM  by  month’s  end 


BY  LUCAS  MEARIAN 

EWLETT- PACKARD 
Co.  today  will  an¬ 
nounce  plans  to  in¬ 
tegrate  its  Systems 
Insight  Manager  server  man¬ 
agement  platform  with  a  stor¬ 
age  resource  management 
(SRM)  suite  from  AppIQ_Inc. 

HP  joins  Hitachi  Data  Sys¬ 
tems  Corp.,  Sun  Microsystems 
Inc.  and  Silicon  Graphics  Inc., 
which  have  signed  similar 
agreements  with  AppIQover 
the  past  year  to  repackage  the 
StorageAuthority  SRM  suite. 

However,  AppIQ_Chief 
Technology  Officer  Ash 
Ashutosh  said  the  agreement 
with  HP  is  more  wide-ranging 
and  calls  for  a  much  tighter 
integration  with  HP’s  systems 
management  platform. 

Eric  Craig,  managing  direc¬ 
tor  of  the  technology  division 
at  Continental  Airlines  Inc.  in 
Houston,  said  having  an  inte¬ 
grated  view  into  his  entire 
hardware  environment  could 
reduce  the  number  of  storage 
administrators  he  needs  by 
handing  systems  oversight  off 
to  operator-level  employees. 


“The  more  I  can  streamline 
my  tool  set  and  the  fewer 
[management  interfaces]  I 
have  to  handle,  the  more  I  can 
take  operator-level  skill  sets 
and  throw  them  into  watching 
these  kinds  of  tools,”  said 
Craig,  whose  150TB  storage- 
area  network  (SAN)  is  mostly 
HP,  along  with  some  Network 
Appliance  Inc.  and  Sun  stor¬ 
age  systems. 

The  Storage  Essentials  SRM 
suite  —  HP’s  moniker  for  the 
AppIQsoftware  —  will  be 


NEW  PRODUCT 

Storage  Essentials 

■  Repackaged  AppIQ  Storage 
Authority  suite 

«  Available  as  a  stand-alone 
product  on  March  28 

■  Integration  with  Systems 
Insight  Manager  by  year’s  end 

■  Modules  include  server,  stor¬ 
age  provisioning,  chargeback, 
business  application  mapping 
and  performance  reporting 

Priced  from  $2,000  to 
$60,000,  depending  on  the 
management  modules  used 


available  March  28  to  50,000 
Systems  Insight  Manager 
users  for  $2,000  to  $60,000, 
depending  on  the  installation. 

The  suite  marks  HP’s  first 
combined  server  and  storage 
management  application.  The 
SRM  suite  will  be  integrated 
into  Systems  Insight  Manager 
by  the  end  of  this  year. 

The  integrated  system  will 
deliver  basic  SAN  manage¬ 
ment,  as  well  as  modules  for  a 
variety  of  tasks,  such  as  stor¬ 
age  provisioning  and  applica¬ 
tion  infrastructure  monitoring 
across  the  ProLiant,  Integrity 
and  HP  9000  server  lines  and 
HP’s  storage-array  lines. 

While  Storage  Essentials 
will  offer  management  of 
EMC,  Hitachi,  Sun  and  IBM 
storage  systems  at  a  basic  dis¬ 
covery  and  provisioning  level, 
Craig  said  he  isn’t  interested 
in  heterogeneous  SAN  man¬ 
agement,  because  it’s  too 
complex  and  lacks  adequate 
security. 

“What  I’d  like  to  see  is  a 
tool  that  allows  me  to  look  at 
throughput  in  a  particular  I/O 
channel,  [to]  let  me  know  if 
that  I/O  channel  is  saturated 
or  what  my  average  read  rate 
times  are  and  what  my  cache 
hit  rates  are,”  he  said.  “Those 


Planning  System  Isn’t  Fully  Delivering  at  UPS 


Start-up  problems 
slow  package-flow 
technology  rollout 

BY  LINDA  ROSENCRANCE 

United  Parcel  Service  Inc.  has 
acknowledged  that  its  new 
package-flow  system  isn’t  op¬ 
erating  as  smoothly  as  expect¬ 
ed,  with  problems  at  about  100 
of  the  300  or  so  delivery  cen¬ 
ters  where  the  homegrown 
technology  has  been  installed. 

UPS  began  rolling  out  the 
package-flow  system  in  late 
2003  as  part  of  a  $30  million 
project  [QuickLink  41713], 

The  Atlanta-based  company 
planned  to  deploy  the  system 


at  all  of  its  1,000  U.S.  delivery 
hubs  by  this  year.  But  now 
full  implementation  won’t  be 
achieved  until  the  end  of  2007, 
UPS  spokeswoman  Donna 
Barrett  said  last  week. 

The  system  uses  bar-coded 
shipping  labels  and  geograph¬ 
ic  information  systems  soft¬ 
ware,  which  runs  on  the  com¬ 
pany’s  back-end  servers.  Ac¬ 
cording  to  UPS,  the  technolo¬ 
gy  is  helping  delivery  planners 
at  some  facilities  develop 
more-efficient  routes  for  dri¬ 
vers,  saving  the  company  mil¬ 
lions  of  dollars. 

“This  year,  we’ll  probably 
see  $50  million  to  $100  million 
worth  of  cost-cutting  as  a  re¬ 


sult  of  improved  productivity 
and  reduced  mileage  and  asso¬ 
ciated  fuel  costs,”  Barrett  said. 

But  Donald  Broughton,  a 
financial  analyst  at  St.  Louis- 
based  A.G.  Edwards  &  Sons 
Inc.,  said  that  level  of  savings 
is  far  less  than  what  UPS  pro¬ 
jected  two  years  ago.  “At  that 
time,  they  said  that  by  2007, 
they  would  save  $700  million 
a  year  by  more  highly  refining 
the  way  trucks  were  loaded 
and  unloaded  and  the  way 
routes  were  planned  and  exe¬ 
cuted,”  he  said.  But  the  tech¬ 
nology  is  increasing  the  time 
it  takes  some  workers  to  load 
packages  onto  trucks,  he  noted. 

Barrett  said  the  issues  with 
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tools  would  be  good  to  have 
for  fine-tuning  some  of  my 
high-performing  applications.” 

Tony  Asaro,  an  analyst  at 
Enterprise  Strategy  Group 
Inc.  in  Milford,  Mass.,  said 
the  partnership  with  AppIQ 
should  be  a  big  boost  for  HP, 
whose  storage  operation  con¬ 
tinues  to  struggle.  “I  think  the 
market  expects  more  from 
them.  They’re  one  of  the  few 
total  solution  providers,  along 
with  IBM,  and  they  have  lost 
revenue  over  the  last  year  and 
have  lost  people,”  Asaro  said. 

Bob  Schultz,  general  manag¬ 
er  of  HP’s  Network  Storage 
Solutions  division,  said  each 
of  Storage  Essentials’  modules 
is  pretested  to  plug  into  the 
Systems  Insight  Manager  plat¬ 
form,  and  because  it’s  built  on 
standards  such  as  J2EE,  SMI-S 
and  Web-Based  Enterprise 
Management,  it  also  supports 
third-party  software. 

“As  we  move  forward,  Sys¬ 
tems  Insight  Manager  really 
becomes  an  integration  plat¬ 
form  that  we  can  plug  into 
management  cores  like  Open- 
View  and  ISV  third-party 
tools,”  Schultz  said.  ©  52818 


MORE  STORAGE  COVERAGE 

In  This  Issue:  HP’s  Bob  Schultz  explains 
his  plans  for  the  company’s  storage  unit. 
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Online:  EMC  is  unveiling  an  upgrade  to 
Centera  that  adds  search  engine  technology: 
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the  package-flow  system  are 
ones  faced  by  all  companies 
on  rollouts  of  new  technology. 
“It  fundamentally  changes 
how  certain  employees  do 
their  jobs.  And  change  is  ex¬ 
tremely  challenging  when 
you’re  trying  to  implement  it 
on  a  broad  scale,”  she  said. 

At  the  delivery  hubs  that 
have  encountered  problems, 
UPS  is  retraining  employees 
on  using  the  system  to  give 
them  a  better  understanding 
of  how  it  changes  their  jobs 
and  the  benefits  it  offers. 

“We’re  going  back  to  those 
centers  [and]  getting  the  pro¬ 
cesses  that  we  put  in  place,  as 
well  as  the  new  technology,  to 
run  as  smoothly  as  we’d  like,” 
Barrett  said.  ©  52825 
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what  will  SAS  software  mean  for  you 


SAS  software  delivers  one  powerful  business  intelligence  and  analytics  platform  for  gaining  greater 
return  on  intelligence  —  in  less  time.  For  nearly  30  years,  SAS  has  been  helping  companies  gain  answers 
to  their  most  pressing  business  questions  and  address  their  most  challenging  issues... taking  them 
Beyond  Bl.  Find  out  why  94%  of  the  FORTUNE  Global  500  rely  on  SAS  to  increase  profits,  reduce  costs, 
manage  risk  and  optimize  performance. 
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Singapore  Gears  Up 
Cybersecurity  Efforts 

The  government  of  Singapore 
plans  to  spend  38  million  Singa¬ 
pore  dollars  ($23  million  U.S.) 
over  the  next  three  years  to  implement 
a  master  plan  for  protecting  the  nation 
from  cyberattacks,  Deputy  Prime  Min¬ 
ister  Tony  Tan  announced  last  week. 

The  government  intends  to  build  a 
round-the-clock  facility  called  the 
Cyber-Threat  Monitoring  Center 
by  the  second  half  of  2006,  he  said. 

The  plan  also  includes  the  following 
elements: 

a  Assessing  the  vulnerability  of 
critical  economic  sectors. 

a  Developing  a  reliable  means  of 
authenticating  users  for  online  trans¬ 
actions. 

a  Creating  training  and  certification 
programs  for  IT  security  professionals. 

a  Improving  public 
awareness  of  information 
security  practices. 

a  Measuring  the  effec¬ 
tiveness  of  government 
agencies’  business  conti¬ 
nuity  plans. 

Tan  said  that  IT  “has 
become  the  nerve  center 
of  our  economy”  and  that 


cyberterrorism  could  disrupt  critical 
operations  such  as  systems  used  in  ma¬ 
rine  navigation,  stock  trading  or 
telecommunications.  He  indicated  that 
the  government  is  alarmed  by  a  rash  of 
computer  viruses  and  phishing  scams, 
plus  news  reports  that  North  Korea 
has  “an  army  of  cyberwarriors.” 


U.K.  Clothing  Retailer 
Plans  RFID  Expansion 

LONDON 

ONDON-BASED  RETAILER  Marks  & 
Spencer  Group  PLC  plans  to 
broaden  its  trial  of  radio  frequen¬ 
cy  identification  (RFID)  technology, 
expanding  the  test  of  a  clothing  inven¬ 
tory  system  from  nine  stores  to  53  in 
the  second  quarter  of  next  year. 

“The  feedback  so  far  from  our  staff 
has  been  very  positive  in  that  the  RFID 
tags  have  clearly  improved  our  stock¬ 
taking  process,”  Marks  & 
Spencer  spokeswoman 
Olivia  Ross  said  last 
week.  “What  takes  up  to 
eight  hours  a  week  to  do 
manually  can  be  done 
with  RFID  tags  in  about 
an  hour.” 

She  added  that  employ¬ 
ees  simply  wave  scanners 


over  racks  of  clothes  equipped  with 
the  tags. 

The  current  trial  involves  invento¬ 
ries  of  men’s  suits,  but  women’s  under¬ 
garments  will  be  added  next  year,  Ross 
said.  “We  are  looking  to  test  RFID 
with  size-complex  items,  and  for  bras 
alone,  there  could  be  over  40  sizes,” 
she  explained. 

■  LAURA  ROHDE,  IDO  NEWS  SERVICE 


Deutsche  Post,  Adobe 
To  Offer  Stamps  Online 

DUSSELDORF,  GERMANY 

onn-based  postal  company 
Deutsche  Post  AG  and  Adobe 
Systems  Inc.  this  month  jointly 
announced  a  Web-based  service  that 
lets  users  buy  postage  stamps  online 
and  receive  them  in  the  form  of  PDF 
documents.  Buyers  can  print  out  the 
stamps  using  Adobe  Reader  Versions 
6.02  and  7.0  and  affix  the  postage  to 
letters  or  parcels. 

The  Stampit  Web  service  will  initial¬ 
ly  be  made  available  as  part  of  a  pilot 
program  for  eBay  Inc.  merchants  in 
Germany  and  is  scheduled  to  be  rolled 
out  to  the  general  public  within  a  few 
months,  the  companies  said. 

Deutsche  Post  is  working  with 
Adobe’s  German  unit,  Adobe 
Systems  GmbH,  which  is  based  in 
Unterschleissheim.  ©  52791 
■  JOHN  BLAU,  ID6  NEWS  SERVICE 
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GLOBAL  FACT 


Worldwide  market  for 
RFI0  technology  in  2008. 

SOURCE:  FORECAST  BY  IDTECHEX 
LTD.,  CAMBRIDGE,  ENGLAND 


Briefly  Noted 

The  U.K.'s  Foreign  and  Common¬ 
wealth  Office  -  similar  to  the 
U.S.  Department  of  State  -  this 
month  awarded  Hewlett-Packard 
Co.  a  seven-year,  £180  million 
($343  million)  contract  to  upgrade 
the  agency’s  secure  network  of 
desktop  systems  at  more  than  200 
locations  in  the  U.K.  and  abroad. 

■  SCARLET  PRUITT,  IDG  NEWS  SERVICE 


Jeff  Smith,  CIO  at  Telstra  Corp.  in 
Melbourne,  Australia,  since  2002, 
is  leaving  his  post  at  the  country’s 
biggest  telecommunications  carrier 
on  March  31,  according  to  an  inter¬ 
nal  e-mail  from  Ted  Pretty,  Telstra’s 
general  managing  director.  In  the 
e-mail,  Pretty  praised  Smith’s  ac¬ 
complishments  but  also  signaled 
that  a  shake-up  of  Telstra’s  IT  oper¬ 
ations  is  imminent. 

■  JULIAN  BAJK0WSKI,  COMPUTER- 
WORLD  TODAY  (AUSTRALIA) 


The  European  Medicines  Agency, 
a  London-based  regulatory  organi¬ 
zation,  this  month  awarded  Micro- 
Strategy  Inc.  in  McLean,  Va.,  a 
$3  million  contract  to  provide  busi¬ 
ness  intelligence  software  and  ser¬ 
vices  for  analyzing  drug  safety. 


Feds  Could  Face  More  IT  Security  Mandates 

Legislator  says  some  agencies  have  ‘a 
long  way  to  go’  on  protecting  systems 


BY  JAIKUMAR  VIJAYAN 

On  Feb.  16,  U.S.  Rep.  Tom  Davis 
(R-Va.),  chairman  of  the  Gov¬ 
ernment  Reform  Committee,  re¬ 
leased  a  report  card  giving  fed¬ 
eral  agencies  an  overall  D+ 
grade  on  computer  security  for 
2004  [QuickLink  52707],  In 
an  interview  last  week,  Davis 
spoke  about  the  government’s 
IT  security  performance  and 
warned  that  more  mandates 
are  on  the  way  if  agencies  with 
low  grades  don’t  fix  their  prob¬ 
lems  soon. 

What  were  your  conclusions  on 
the  overall  security  performance 
of  federal  agencies?  I  think  it’s 
improving,  but  it’s  not  improv¬ 


ing  fast  enough  at  this  point. 
The  overall  agency  scores  rose 
by  2.5  points,  but  they  still 
scored  a  D+.  We  just  need  to 
continue  to  give  this  focus, 
and  hopefully  we  won’t  have 
some  kind  of  cyberattack  or 
cyber  Pearl  Harbor.  We  have 
to  be  inspired  by  that 
to  try  and  stay  ahead 
of  the  curve. 

Why  are  some  agencies 
faring  so  well  while  others 
appear  to  be  struggling? 

Leadership.  It  basically 
goes  to  the  CIO  and 
the  agency  heads  and 
their  ability  to  coordi¬ 
nate  on  this.  They  need 


to  get  a  plan,  and  they  need  to 
execute  on  it.  Some  agencies 
have  put  the  resources  into  it, 
and  others  —  they  haven’t. 
Some  have  still  a  long  way 
to  go. 

What’s  the  incentive  to  improve 
when  there  are  no  funding  cut¬ 
backs  or  other  repercussions  for 
bad  grades?  I  don’t  know  if  you 
want  to  punish  people  by  with¬ 
holding  funding.  That 
makes  it  even  tougher 
for  them  to  meet  their 
goals.  But  I  think  there 
may  be  an  embarrass¬ 
ment  factor.  If  you  want 
to  have  career  advance¬ 
ment  and  you  come  off 
an  agency  that  has  got  a 
bad  [security]  grade,  it 
probably  isn’t  going  to 
help  you  move  to  the 


next  level.  Eventually,  I  think 
there  will  be  a  funding  attach¬ 
ment.  These  scorecards  are 
fairly  new,  and  we  are  trying  to 
get  an  appropriations  buy-in. 

Many  of  the  recommended  secu¬ 
rity  controls  for  federal  agencies 
will  become  mandated  by  the  end 
of  this  year.  What  impact  will  that 
have  on  the  report  cards  next 
year?  Mandates  are  better 
than  suggestions,  unfortu¬ 
nately.  You  hate  to  get  to  the 
point  where  you  have  to  man¬ 
date  things  that  need  to  get 
done.  But  I  think  that  is  the 
way  Congress  will  react  — 
with  more  mandates  on  agen¬ 
cies  that  will  put  more  bur¬ 
den  on  them.  We  would 
rather  have  [agencies]  solve 
the  issues  themselves.  But  if 
they  can’t  do  that,  I  think 


they’ll  get  a  lot  more  mandates. 

You  identified  several  areas  where 
federal  agencies  need  to  improve, 
including  annual  reviews  of  IT  con¬ 
tractors,  testing  of  contingency 
plans  and  incident  reporting. 
What’s  the  problem?  They  don’t 
have  the  finances  for  it.  The 
basic  problem  is  that  we’re 
asking  them  to  do  this  in  some 
cases  without  giving  them  a 
lot  of  new  money.  They’re 
kind  of  waiting  for  additional 
money  to  come  through. 

How  will  the  CIS0  Exchange  that 
you’re  setting  up  for  chief  infor¬ 
mation  security  officers  help  im¬ 
prove  things?  Hopefully,  we’ll 
get  people  from  agencies  that 
have  [improved  security] 
going  into  agencies  that 
haven’t  done  it  and  showing 
them  how  to  do  it.  You  get 
some  [cross-]pollination  that 
way.  ©  52822 
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WE  KEEP  YOUR  PEOPLE  MOVING 
WITHOUT  SHAKING  THINGS  UP 
AT  THE  OFFICE. 


Soon,  over  99  million  employees  worldwide  will  be  working  outside  the  office.'  Is  your  communications 
infrastructure  ready?  It  will  be  with  Avaya  IP  Telephony.  Give  your  employees  the  capability  to  work  from  the 


road,  at  home,  anywhere  — with  advanced  solutions  that  are  easy  to  use  and  simple  to  maintain. 

Keep  your  existing  network  up  and  running.  Avaya  lets  you  leverage  your  existing  technology  in  a  multi-vendor 
environment,  so  you  can  migrate  your  IP  deployment  with  confidence. 

Secure?  Absolutely.  Our  industry-leading,  end-to-end  media  encryption  protects  each  IP  call.  Avaya  experts  help 
you  design,  seamlessly  implement,  manage,  and  maintain  your  network  for  fully  optimized  performance.  As  the 
award-winning  leader  in  IP  telephony,2  and  with  our  unique  approach  of  embedding  communications  at  the  heart 
of  your  business,  Avaya  is  the  perfect  partner  to  help  keep  your  people  connected,  no  matter  where  they  are. 

GET  STARTED  AT  WWW.AVAYA.COM/MOVING-WITH  A  FREE  WHITE  PAPER 
“BEST  PRACTICES  FOR  IP  DEPLOYMENT  IN  A  MULTI-VENDOR  ENVIRONMENT.” 

Or  call  1-866-697-5566  to  speak  to  a  representative. 
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Software  Ownership  Battle 
Adds  $10M  to  Cost  of  ‘Big  Dig’ 


BY  MARC  L.  SONGINI 

ailure  to  secure  ac¬ 
cess  to  the  source  code 
of  a  key  application 
added  more  than 
$10  million  to  the  cost  of  the 
infamous  “Big  Dig”  highway 
construction  project  in  Bos¬ 
ton,  according  to  the  Massa¬ 
chusetts  state  auditor. 

The  application,  called  the 
Integrated  Project  Control 
System  (IPCS),  handles  traffic, 
roadway,  fire  and  security  sys¬ 
tems  management  for  the 
$14  billion  Central  Artery/ 
Third  Harbor  Tunnel  Project. 
Software  development  for 
the  IPCS  project  remains  un¬ 
finished. 

The  initial  application  was 
created  by  Transdyn  Inc., 
which  was  awarded  the  con¬ 
tract  for  the  first  phase  of  the 
project.  The  problem  occurred 
when  Transdyn  refused  to 
hand  over  access  codes  for 
the  application  to  Honeywell 
Technology  Solutions  Inc., 
which  won  a  contract  to  devel¬ 
op  the  next  phase. 

Massachusetts  State  Auditor 
Joe  DeNucci  this  month  said 
the  failure  of  project  managers 
to  secure  “timely  ownership” 
of  the  IPCS  software  boosted 
the  cost  of  the  project.  The 
matter  wound  up  in  court  and 
cost  the  state  millions  in  over¬ 
runs  and  other  costs,  he  said. 

“The  significance  of  this  au¬ 
dit  is  that  it’s  a  good  example 
of  the  kinds  of  things  that  went 
wrong  in  the  project,”  said  a 
spokesman  for  DeNucci.  It  in¬ 
dicates  a  failure  to  foresee  that 
“a  dispute  over  the  access  to 
the  software  code  [could  lead 
to  a]  problem  that  would  delay 
the  second  phase,”  he  said. 

Groundwork  for  Lawsuits 

The  initial  phase  of  the  IPCS 
project  started  in  1994,  when 
Pleasanton,  Calif. -based  trans¬ 
portation  software  maker 
Transdyn  won  a  $52  million 
contract  to  develop  the  appli¬ 
cation  for  the  first  phase  of 


the  Big  Dig,  according  to  the 
audit  report.  The  system  was 
based  on  Transdyn’s  Dynac 
transportation  management 
software.  In  1999,  Honeywell 
won  a  $104  million  contract  to 
build  the  next  phase  of  the 
system  to  control  and  monitor 
the  entire  Big  Dig  project. 

At  that  point,  Transdyn  re¬ 
fused  to  turn  over  the  Dynac 
source  code  to  Honeywell, 
claiming  that  the  technology 
was  “proprietary  and  forms 
the  cornerstone  of  a  portion  of 
its  business.”  The  state  argued 
that  Dynac  had  been  modified 
as  part  of  the  project  and  had 
thus  become  a  customized 
piece  of  software  not  subject 
to  the  legal  safeguards  for  off- 
the-shelf  applications. 

Massachusetts  paid  Trans¬ 
dyn  $350,000  in  a  1999  out-of- 
court  settlement  of  lawsuits 
that  each  had  filed  against  the 


Continued  from  page  1 

Hackers 

—  a  term  coined  to  describe 
attacks  involving  the  use  of 
search  engines  —  is  becom¬ 
ing  a  potent  threat  to  IT  secu¬ 
rity,  said  George  Kurtz,  senior 
vice  president  of  risk  manage¬ 
ment  at  security  software 
vendor  McAfee  Inc.  in  Santa 
Clara,  Calif. 

“It’s  all  about  coming  up 
with  the  right  search  criteria,” 
Kurtz  said.  “By  crafting  certain 
requests,  you  can  pull  back  a 
lot  of  very  specific  informa¬ 
tion.”  For  instance,  searches 
can  reveal  the  existence  of 
misconfigured  servers,  as  well 
as  password  files  and  vulnera¬ 
ble  software,  he  said. 

Search  engines  such  as 
Google  “provide  an  extremely 
effective  way”  to  gather  infor¬ 
mation  that  can  be  used  to  at¬ 
tack  Web  sites,  concurred  Gra¬ 
ham  Cluley,  a  senior  technol¬ 
ogy  consultant  at  Sophos  PLC, 
another  security  vendor. 


other.  Under  the  deal,  Honey¬ 
well  sublicensed  the  software 
from  the  state  “under  certain 
safeguards,”  the  report  stated. 

The  auditor  based  the  $10 
million  price  tag  for  the  prob¬ 
lem  on  the  state’s  decision 
to  waive  $2.72  million  in  dam¬ 
ages  it  believed  it  was  owed 


Hackers  have  always  relied 
on  shortcuts  and  tools  to  do 
their  dirty  work,  said  Hugh 
McArthur,  director  of  infor¬ 
mation  systems  security  at 
Online  Resources  Corp.,  a 
Chantilly,  Va.-based  online  bill 
processor.  “This  is  just  one 
more  approach,”  he  said, 
adding  that  his  company  is  us¬ 
ing  search  engines  and  other 
tools  to  look  for  any  compro¬ 
mising  information  that  can  be 
gleaned  from  its  Web  site. 

Robert  Olson,  a  systems  ad¬ 
ministrator  at  Uline  Inc.  in 
Waukegan,  Ill.,  said  the  dis¬ 
tributor  of  packing  and  ship¬ 
ping  materials  is  doing  regular 
audits  in  order  to  keep  “a  tight 
rein”  on  the  information  avail¬ 
able  via  its  Web  site. 

“We  are,  of  course,  con¬ 
cerned,”  Olson  said.  “Worms 
that  use  tools  like  Google,  Ya¬ 
hoo,  MSN  Search  or  AltaVista 
to  seek  out  vulnerable  systems 
or  e-mail  addresses  make  for  a 
much  more  efficient  attack.” 

The  advanced  functions 
supported  by  search  engines 


by  Transdyn  and  an  estimated 
$7.2  million  cost  for  the  four- 
month  delay  in  the  project 
caused  by  the  interruption 
of  the  software  hand-over  — 
bringing  the  total  cost  overrun 
to  $10.3  million. 

Meanwhile,  Honeywell  in 
December  negotiated  an  end 


make  it  relatively  easy  for 
even  novice  hackers  to  scope 
out  Web  sites  and  gather  vul¬ 
nerability  data,  according  to 
Kurtz.  Google  lets  users  limit 
searches  to  specific  Web  sites 
and  domains,  to  specific  Files 
on  Web  sites  and  even  to  spe¬ 
cific  pieces  of  text  within  files. 

There  is  also  a  growing  vol¬ 
ume  of  information  on  the 
Web  about  search  strings  that 
can  be  used  to  unearth  sensi¬ 
tive  information  from  the  un- 


HThe  ability 
of  search 

engines  to  discover 
a  lot  of  information 
that  was  not  neces¬ 
sarily  hidden  but 
was  a  lot  less  avail¬ 
able  previously  is 
scary. 

MATT  KESNER,  CHIEF  TECHNOLOGY 
OFFICER,  FENWICK  &  WEST  LLP 


to  its  contract  for  the  project, 
whose  price  tag  has  ballooned 
from  $104  million  to  $188  mil¬ 
lion  since  1999.  Vic  Miller,  vice 
president  and  general  counsel 
at  Columbia,  Md.-based  Hon¬ 
eywell,  said  the  audit  bolsters 
his  company’s  position  that 
the  late  delivery  of  the  Dynac 
software  was  among  the  fac¬ 
tors  that  affected  its  ability  to 
deliver  its  portion  of  IPCS  for 
the  agreed-upon  price. 

Currently,  Transdyn  is  nego¬ 
tiating  with  Big  Dig  authori¬ 
ties  to  complete  the  IPCS  sys¬ 
tem,  said  a  Transdyn  spokes¬ 
man.  He  said  the  company  “is 
not  in  a  position  to  comment” 
on  the  auditor’s  report. 

The  Massachusetts  Turn¬ 
pike  Authority,  which  man¬ 
ages  the  Big  Dig,  declined  to 
comment  on  the  specifics  of 
the  audit.  In  an  e-mail  state¬ 
ment  the  authority  said,  “We 
have  been  very  candid  about 
the  issues  we  have  encoun¬ 
tered  with  the  installation  of 
the  IPCS  system  and  have  al¬ 
ready  referred  those  issues 
over  [to  the  state  attorney  gen¬ 
eral]  for  potential  cost  recov¬ 
ery  actions.”  ©  52820 


wary.  One  site  has  compiled  a 
database  of  more  than  800  dif¬ 
ferent  Google  hacks  that  can 
be  used  to  pull  data  from  Web 
sites,  Web  cameras  and  even 
Internet-connected  printers. 

Such  information  can  actu¬ 
ally  be  useful  to  IT  managers 
in  Figuring  out  where  their  se¬ 
curity  vulnerabilities  are,  said 
Jarrad  Winter,  network  securi¬ 
ty  manager  at  Western  United 
Insurance  Co.  in  Irvine,  Calif. 
“It  can  be  really  handy  for 
penetration  testing,”  he  said. 

Apart  from  keeping  sensitive 
data  off  the  Web,  there  are  oth¬ 
er  steps  companies  can  take  to 
ensure  that  they  aren’t  com¬ 
promised  by  searches,  Kurtz 
said.  That  includes  using  so- 
called  robots.txt  files  to  block 
search-engine  crawlers  from 
indexing  sensitive  portions  of 
Web  sites.  In  addition,  dis¬ 
abling  directory  listings  can 
keep  crawlers  out  if  they  slip 
by  a  robots.txt  File.  Using  pass¬ 
words  to  protect  IT-related 
information  on  sites  is  also  a 
good  idea,  Kurtz  said.  ©  52823 
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HP  Exec  Explains  Plan 
For  Storage  Operation 


Vendor  is  adding 
expertise,  channels 
to  take  on  IBM,  EMC 


BY  LUCAS  MEARIAN 

Although  Hewlett-Packard  Co.’s 
storage  revenue  has  been  on 
the  upswing  since  last  year’s 
third  quarter,  it  remains  down 
from  a  year  ago.  HP’s  first- 
quarter  results  showed  a  slight 
year-over-year  decline  in  stor¬ 
age  revenue,  but  a  smaller  one 
than  in  previous  periods.  Bob 
Schultz,  HP’s  general  manager 
of  storage  solutions,  spoke  with 
Computerworld  about  HP’s 
plan  for  improving  its  competi¬ 
tive  position  in  the  storage  mar¬ 


ket.  One  thing  Schultz  wouldn’t 
talk  about  is  whether  the  de¬ 
parture  of  former  HP  CEO  Car- 
ly  Fiorina  will  affect  his  plans. 

How  are  you  responding  to  in¬ 
creased  pressure  from  IBM  at  the 
high  end,  Dell  at  the  low  end  and 
EMC  at  both  ends?  In  Q3  [2004], 
we  were  down  15%  [year-over- 
year  in  storage  revenue].  In 
Q4,  we  were  down  10%.  In 
Q1  [2005],  we  were  down  1%. 
That  gives  you  the  trajectory, 
which  is  up  and  to  the  right. 
On  all  those  fronts,  the  chal¬ 
lenge  was  around  field  execu¬ 
tion.  We’ve  been  hiring  stor¬ 
age  specialists,  because  as  you 
look  at  the  high  end,  that’s  cer¬ 


tainly  where  you  need  some¬ 
one  that’s  steeped  in  knowl¬ 
edge.  We’ve  been  partnering 
with  channel  partners.  That 
process  is  going  on,  and  that’ll 
give  us  more  coverage. 

You  recently  signed  a  deal  with 
ApplQ  to  resell  its  Storage- 
Authority  product  as  a  way  to 
combine  server  and  storage  man¬ 
agement  on  one  screen.  Vendors 
like  Hitachi  and  IBM  have  signed 
similar  deals.  What  sets  HP 
apart?  We’re  the  first  ones  re¬ 
ally  unifying  servers  and  stor¬ 
age.  When  I  look  at 
what  Hitachi  has  done 
in  the  past,  it’s  been  all 
around  storage.  What  I 
believe  IBM  is  doing  is 
all  around  its  Total- 
Storage  management 
center.  What  we’re  do¬ 
ing  is  saying,  as  you 
look  out  into  the  future, 


where  we  virtualize  the  infra¬ 
structure,  you  really  want  to 
be  managing  the  servers  and 
storage  in  a  consistent  way. 

Users  have  given  your  midrange 
Enterprise  Virtual  Array  high 
marks,  but  that’s  at  the  homo¬ 
geneous  level,  not  the  heteroge¬ 
neous  level.  How  will  HP  support 
competitors’  systems?  We’re 
missing  mainframe  support  on 
the  EVA,  but  that’s  not  the  tar¬ 
geted  market  for  EVA. 

That’s  on  the  server  side,  but 

what  about  the  host  side? 
What  if  I  have  EVA  on  the 
back  end  and  I  want  to 
have  EMC’s  Centera  or 
Hitachi’s  Thunder  array 
on  the  same  network? 
The  benefit  of  working 
on  the  open  manage¬ 
ment  platform  is  that 
we’ll  manage  heteroge¬ 


neous  environments.  That’s 
one  of  the  values  of  working 
with  ApplQ.  They  bring  rela¬ 
tionships  with  Hitachi  and 
others. 

IBM  said  it  is  already  doing  that 
and  extended  the  integration  re¬ 
cently  to  its  BladeCenter  server 
systems,  where  you  have  the 
servers,  network  and  storage  all 
in  one  place.  What  sets  you 
apart?  “All  in  one  place”  is  dif¬ 
ferent  from  integrated.  A  lot  of 
people  . . .  say,  “Let’s  have  this 
single  pane  of  glass,”  which 
means,  “Let’s  have  27  windows 
running  on  a  single  monitor.” 

A  lot  of  companies  say  [they] 
have  tools  in  each  space,  but 
what  they  really  haven’t  done 
is  say,  “We’re  going  to  have  a 
systems  management  tool  that 
highly  integrates  how  I  man¬ 
age  my  storage  and  my  com¬ 
pute  environment.”  ©  52790 


Suffering  from  Data 
Backup  TraumaP 

Check  out  the  hilarious  new  online  video: 


P  TR/ 

Starring  John  Cleese 


Get  ready  for  side-splitting  hilarity  as  comic  genius  ^ 
John  Cleese  makes  lighthearted  fun  of  backup  as 1 
know  it.  See  the  new  online  video,  THE  INSTITU1 
FOR  BACKUP  trauma;  in  which  Dr.  Harold  Twaii 
Week  (Cleese)  takes  you  on  a  tour  of  his  new  Institute 
dedicated  to  the  treatment  and  prevention  of  the 
tragedy  called  Backup  Trauma  (BT).  Co-starring 
Michael  Dorn. 


LiveVault 


*****  4  Stars!’ 

Tape  Backup 
Trauma  Times 


- 


“I  laughed.  I  cried. 

I  called  my  vendor.” 

IT  guy  named  Fred 

“3  Thumbs  Up!" 

Recovery  Failure 
Monthly 


SEE  IT  NOW  AT 


First  10,000  viewers  get  a  free  movie  poster  I Sw ah ^ ..If 

featuring  John  Cleese  -  a  true  collector’s  item!  W  W  W*l  I  VwVcIll  I  l«COl 

t  2005  LiveVault  Corporation.  All  Rights  Reserved.  LiveVault  is  a  registered  trademark  and  Institute  for  Backup  Trauma  is  a  trademark  of  LiveVault.  Inc.  All  other  products  and  brands  are  trademarks  of  their,  respective  holders. 
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IBM  ThinkPad  R  Series 
(mode!  not  featured) 


GO  with  IBM  Think  Express  Program 

'  IBM  Think  Express  models  are  configured  and  priced 
, ,  with  small  to  medium-size  businesses  in  mind. 


IBM  rated  #1  in  tech  support  for  desktops 
and  notebooks  by  PC  Magazine  readers. 
PC  Magazine  17th  Annual  Reader 
Satisfaction  Survey  -  July  14,  2004 
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Put  a  solid  barrier  between  your 

wireless  PC  and  thieves.  Select  IBM  wireless 

ThinkPad®  notebooks,  like  the  ThinkPad  X40  featured  to  the  right,  offer 
an  added  layer  of  data  protection  —  a  vaultlike  combination  of  a  built-in 
security  chip  and  sophisticated  data  encryption  software?  In  fact,  it's 
so  advanced,  it  actually  makes  data  unreadable  if  tampered  with. 
And  only  IBM  offers  PCs  with  this  level  of  security  as  a  standard  feature. 


IBM  ThinkPad  R50e 

Ultimate  Value 

Distinctive  IBM  Innovations: 

•  IBM  Rescue  and  Recovery™  -  One-button 
recovery  and  restore  solution 

•  IBM  Access  Connections  -  switch  between 
wired  and  wireless  connections 

System  Features: 

•  Intel®  Centrino™  Mobile  Technology 

•  Intel®  Pentium®  M  Processor  725  (1 ,60GHz)2 

♦  Intel®  PRO/Wireless  Network  Connections  802.1 1  b/g3 

•  Microsoft  Windows  XP  Professional4 

•  15"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM5 

•  30GB  hard  drive6 

•  CD-RW/DVD-ROM  combo 

•  IBM  UltraConnect™  Antenna  for  increased 
signal  strength 

•  1-yr  system/battery  limited  warranty8 


Plus,  with  Intel®  Centrino™  Mobile  Technology  and  on-the-fly  folder 


encryption,  users  can  work  wherever  they  please,  knowing  that  their 


data  will  be  protected.  No  matter  who’s  lurking  around. 


Instead 


of  a  welcome  mat. 

Embedded  Security  Subsystem.  Only  on  a  ThinkPad. 


1  866  426-5918  ibm.com/shop/m562 


NavCode  1842HRU-M562 

THINK  EXPRESS  MODEL  PRICED  AT: 


$1,269* 


$45/mo  for  36  months 
SuccessLease  for  Small  Business19 

ServicePac®  Service  Upgrade:9 
3-yr  Depot  Repair  #30L9192  $132 


IBM  ThinkPad  X40 

Our  thinnest  and  lightest 

Distinctive  IBM  Innovations: 

•  IBM  Embedded  Security  Subsystem  2.0 

•  IBM  Rescue  and  Recovery™  - 
One-button  recovery  and  restore  solution 

System  Features: 

•  Intel®  Centrino™  Mobile  Technology 

•  Intel®  Pentium®  M  Processor  ULV  1.10GHz 

•  Intel®  PRO/Wireless  Network  Connection  802.11  b/g 

•  Microsoft  Windows  XP  Professional 

•  12.1"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM 

•  20GB  hard  drive 

•  Integrated  Gigabit  Ethernet  and  modem 

•  Legendary  IBM  full-size  keyboard10 

•  Only  .94"  thin11 

•  2.7-lb  travel  weight12 

•  1-yr  system/battery  limited  warranty” 


NavCode  2386A4U-M562 

THINK  EXPRESS  MODEL  PRICED  AT: 


$1,499* 


$53/mo  for  36  months 
SuccessLease  for  Small  Business 
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optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay,  if  applicable;  weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options.  (19)  SuccessLease:  SuccessLease  program,  rates  and  terms  are  provided  by  third-party  financiers 
approved  by  IBM  Global  Financing  to  credit-qualified  business  customers  installing  in  the  U.S.  Featured  monthly  lease  payments  based  on  prespecified  end-of-lease  purchase  option;  documentation  fee  and  first  month's  payment  due  at  lease  signing;  taxes  are  additional. 
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Enterprise  Rent-A-Car  wanted  to  reduce  operational  costs. 
Xerox  found  the  key  to  success  by  moving  3  million  vital 
documents  onto  their  intranet  every  month. 
There’s  a  new  way  to  look  at  it. 
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ChoicePoint  Error  Prompts 
Calls  for  Identity  Theft  Law 


Privacy  groups,  senator 
demand  hearings 

BY  GRANT  GROSS 

A  variety  of  privacy  groups  and  U.S. 
Sen.  Dianne  Feinstein  (D-Calif.)  are  re¬ 
newing  calls  for  a  national  privacy  law 
in  the  wake  of  news  that  data  collector 
ChoicePoint  Inc.  mistakenly  gave  pri¬ 
vate  information  on  up  to  145,000  U.S. 
residents  to  identity  thieves. 

Alpharetta,  Ga.-based  ChoicePoint 
this  month  reached  an  agreement  with 
19  state  attorneys  general  to  tell  poten¬ 
tial  victims  that  thieves  may  have 
gained  access  to  personal  information 
such  as  Social  Security  numbers  and 
credit  reports  [QuickLink  52719]. 

Potential  victims  live  in  all  50  states, 
the  District  of  Columbia,  Puerto  Rico, 
Guam  and  the  U.S.  Virgin  Islands. 

The  ChoicePoint  problem  points  to 
the  need  for  a  national  privacy  law, 
said  the  Electronic  Privacy  Informa¬ 
tion  Center  (EPIC)  and  the  Center  for 
Democracy  and  Technology  (CDT). 

For  most  U.S.  companies,  only  a 
2003  California  law  requires  identity 
theft  notification. 

“There  certainly  is  agreement  that 
we  need  better  notification,  exactly 
because  of  cases  like  this,”  said  Ari 
Schwartz,  associate  director  at  the  CDT. 

Feinstein  has  also  called  for  congres¬ 
sional  hearings  on  privacy  legislation 
she  introduced  this  year.  Feinstein’s 


Notification  of  Risk  to  Personal  Data 
Act  would  require  businesses  and 
government  agencies  to  notify  likely 
victims  when  there  is  a  “reasonable 
basis  to  conclude”  that  a  criminal  has 
obtained  unencrypted  personal  data. 

Legislative  Prospects 

Feinstein’s  bill  lacks  co-sponsors,  and  a 
similar  bill  of  hers  went  nowhere  in 
Congress  in  2004.  “Moving  any  bill  is 
always  a  difficult  prospect,  but  now 
more  people  are  coming  to  an  under¬ 
standing  of  the  issue  of  identity  theft,” 
a  Feinstein  spokesman  said. 

Schwartz  and  Marc  Rotenberg, 
EPIC’s  president,  questioned  whether 
ChoicePoint  would  have  notified  po¬ 
tential  victims  at  all  without  the  Cali¬ 
fornia  identity  theft  law.  “They’ve  been 
reckless  with  people’s  information,” 
Rotenberg  said  of  ChoicePoint. 

David  Bernknopf,  a  ChoicePoint 
spokesman,  disagreed.  The  company 
first  notified  the  sheriff’s  office  in  Los 
Angeles  County  in  October  of  the  pos¬ 
sible  data  leak  because  it  believed  the 
leak  started  there,  he  said.  It’s  still  not 
clear  how  the  thieves  got  access  to 
ChoicePoint’s  data,  Bernknopf  said. 

Authorities  believe  a  group  of  people 
used  IDs  stolen  from  legitimate  busi¬ 
nesspeople  to  set  up  phony  businesses 
that  contracted  with  ChoicePoint  for 
identity  checks,  he  said.  ©  52787 


Gross  writes  for  the  IDG  News  Service. 


Phony  FBI  E-mail 
Launches  Virus 

BY  TODD  R.  WEISS 

A  fake  e-mail  that  purports  to  be  from 
the  FBI  is  circulating  on  the  Internet 
with  a  computer  virus  as  its  payload. 

The  FBI  last  week  warned  that 
the  unsolicited  e-mail  tells  users  that 
“their  Internet  use  has  been  monitored 
by  the  FBI’s  Internet  Fraud  Complaint 
Center  and  that  they  have  accessed 
illegal  Web  sites.” 

The  bogus  message  then  asks  recipi¬ 
ents  to  click  on  an  attachment  and 
answer  some  questions  about  their 
alleged  illegal  Internet  use.  But  rather 
than  being  a  questionnaire,  the  attach¬ 
ment  infects  the  recipient’s  computer 
with  an  as  yet  undetermined  virus. 


Paul  Bresson,  an  FBI  spokesman, 
said  last  week  that  the  agency  discov¬ 
ered  the  phony  e-mail  over  the  previ¬ 
ous  weekend  after  several  recipients 
notified  the  FBI.  He  said  he  didn’t 
know  exactly  how  many  complaints 
were  received. 

The  e-mail  message  has  multiple 
misspellings  and  is  written  in  broken 
English,  Bresson  said.  “The  wording  is 
very  poor,  which  helps  us,”  he  said. 
“We’re  hoping  that  that  flags  people.” 

Bresson  said  he  didn’t  know  whether 
any  victims  of  the  scam  have  provided 
their  credit  card  numbers  or  other 
information. 

Pete  Lindstrom,  an  analyst  at  Spire 
Security  LLC  in  Malvern,  Pa.,  said  fake 
e-mail  messages  will  continue  to  be  a 
problem  until  tighter  standards  for 
sending  e-mails  are  adopted  by 
senders  and  recipients.  ©  52788 


Enterprise  Rent-A-Car  wanted  to  make  their  document 
process  more  efficient.  So  they  consulted  with  a  team  of 
document  experts  from  Xerox.  Working  together,  they 
analyzed  the  document  process  across  thousands  of 
locations  worldwide,  and  initiated  systemic  improvements 
in  key  aspects  of  filing  and  retrieving  mission  critical 
documents. 

By  implementing  a  Xerox  Global  Services  Imaging 
and  Retrieval  solution,  3  million  critical  documents 
a  month  are  scanned  and  stored  into  an  electronic 
repository,  making  them  instantly  available  over  the 
Enterprise  Intranet  whenever  needed. 

The  result:  Documents  are  managed  in  a  timely 
manner.  Redundancy  and  errors  are  cut  way  back,  and 
security  is  maximized. 
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and  cost-saving  expertise  to  your  business,  simply  call 
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AVE  YOU  SEEN  that  IBM  commercial 
with  the  little  Chinese  girl?  It’s  one  of 
those  IBM  help  desk  ads,  and  the  girl 
says  she  needs  help  because  she  wants 
to  learn  about  so  many  things,  but  she 


lives  on  a  farm  in  China  and  can’t  go  to  school.  The 
problem  is  solved  when  she’s  able  to  attend  a  virtual 
class  made  possible  by  technology. 


I  first  saw  the  commer¬ 
cial  around  the  time  I  was 
receiving  a  lot  of  mail 
from  irate  readers  who 
vehemently  disagreed 
with  the  position  I  took 
three  weeks  ago  in  my 
column  titled  “The  Three 
Stooges.”  In  that  column, 

I  argued  that  the  three 
U.S.  congressmen  who 
raised  a  national  security 
alarm  in  response  to 
IBM’s  plan  to  sell  its  PC 
business  to  China’s  Lenovo  Group 
were  engaged  in  legislative  buffoon¬ 
ery  [QuickLink  52310]. 

The  reaction  from  some  readers 
was  intense.  “You  are  just  another 
silver-haired  corporate  lackey,  toeing 
the  corporate  line,”  one  wrote.  “Com¬ 
panies  like  IBM  and  Microsoft,  and 
corporate  stooges  like  yourself  who 
front  for  them,  are  little  more  than 
traitors.”  Citing  the  threat  of  war  with 
China,  this  reader  suggested  that  I 
consult  with  my  son,  who  is  in  the 
Navy,  before  I  write  my  “next  piece  of 
knuckle-headed,  traitorous  trash.” 

“You  put  personal  gain  over  patri¬ 
otism,”  another  reader  echoed.  “You 
deserve  a  traitor] ’s]  fate.  I  would 
love  to  watch  that.” 

It  occurred  to  me  as  I  watched  the 
little  girl  in  the  IBM  commercial  that 
a  lot  of  these  readers  are  probably 
irate  about  IBM  supplying  technolo¬ 
gy  to  educate  Chinese  children.  Af¬ 
ter  all,  educated  children  grow  up  to 
be  skilled  adults  who  might  very 
well  be  compelled  to  join  China’s 
military  forces.  I  have  no  doubt  that 
many  Americans  contend  that  our 
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national  security  would 
be  better  protected  by 
withholding  the  means 
for  Chinese  children  to 
be  educated.  I  disagree. 

For  the  record,  I’m  not 
naive.  I  wasn’t  all  that  far 
from  Beijing  during  the 
Tiananmen  Square  mas¬ 
sacre  on  June  4, 1989. 
There  are  a  lot  of  things 
in  China  that  need  to 
change.  But  how  can 
they  be  changed?  And 
should  we  help  change  them? 

Of  course  we  should.  That’s  be¬ 
cause  a  little  girl  on  a  farm  in  China 
has  just  as  much  right  to  an  educa¬ 
tion  as  a  little  girl  on  a  farm  in  Iowa. 
And  it’s  just  as  important  for  a  Bei¬ 
jing  University  student  watching  a 
tank  rumbling  toward  him  to  have 
free  speech  as  it  is  for  a  Flarvard  stu¬ 


dent  protesting  the  low  pay  of  jani¬ 
torial  workers.  The  only  way  those 
changes  will  come  is  for  the  West  to 
continue  to  engage  China  commer¬ 
cially,  culturally  and  politically.  Any¬ 
one  who  has  been  to  China  in  the 
past  decade  has  witnessed  remark¬ 
able  positive  change  as  a  direct  re¬ 
sult  of  that  engagement. 

And  for  what  it’s  worth,  when  the 
time  does  come  that  the  people  of 
China  have  free  speech,  you  can  bet 
they’ll  exercise  it. 

That’s  what  Ron  Baker  of  Oregon 
City,  Ore.,  did.  “I  had  to  gargle  with 
Listerine  after  reading  your  tripe,” 
he  wrote  in  response  to  my  column. 
“It’s  [expletive  deleted]  like  you 
that  make  me  hate  this  industry 
[to  which]  I  have  dedicated  a  thirty- 
year  career.”  Baker  gave  me  per¬ 
mission  to  use  his  name,  and  I 
admire  that. 

Unfortunately,  other  readers 
who  were  outraged  by  my  position 
wouldn’t  allow  their  opinions  to  be 
published  with  their  names.  That’s 
a  tragic  waste  of  a  precious  right 
that  too  many  people  live  without. 
And  wasting  that  right  is  just  plain 
wrong.  ©  52776 


DAVID  MOSCHELLA 


FCC:  Mission 
Accomplished 


“It  is  the  mission  of  the  Federal  Commu¬ 
nications  Commission  to  ensure  that  the 
American  people  have  available  —  at 
reasonable  costs  and  without  discrimi¬ 
nation  —  rapid,  efficient,  nation -  and 
world-wide  communications  services; 
whether  by  radio,  television,  wire,  satel¬ 
lite,  or  cable.” 

-  Congress’  original  charge  to  the  FCC,  1934 


w 


ILL  WE  ever  see  the 
day  when  a  large 
government  agency 


proclaims  “mission  accom¬ 
plished”  and  starts  winding 

itself  down,  not  because  of  failure  but 
because  of  success?  Don’t  bet  on  it.  But 
that’s  the  question  that  comes  to  mind 
as  we  watch  SBC  Communications 
swallow  up  AT&T,  Verizon  and  Qwest 
go  after  MCI,  and  Sprint  take  over 
Nextel.  While  the 
usual  assortment  of 
advocacy  groups  will 
fret  about  excessive 
corporate  size  and 
power,  when  you 
look  at  today’s 
telecommunications 
marketplace,  it’s 
pretty  clear  that  vir¬ 
tually  all  of  the 


FCC’s  goals  have 
been  achieved. 

It  was  less  than 
25  years  ago  that  a 
heavily  regulated 
AT&T  dominated 
America’s  telecom- 
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munications  industry.  The  U.S.  judicia¬ 
ry  wisely  deemed  this  an  undesirable 
structure,  given  the  diversity  and  po¬ 
tential  of  emerging  voice  and  data 
technologies.  The  1982  antitrust  settle¬ 
ment  that  led  to  the  breakup  of  AT&T 
triggered  an  explosion  in  innovation 
and  usage  beyond  what  even  the  most 
zealous  enthusiasts  ever  predicted. 

It’s  worth  remembering  that  in  the 
early  1980s,  the  idea  of  breaking  up 
AT&T  was  highly  controversial,  and 
the  best  means  of  doing  it  was  by  no 
means  obvious,  even  to  those  who  sup¬ 
ported  it.  However,  the  decision  to 
separate  AT&T’s  local,  long-distance 
and  equipment  businesses  has  proved 
sound.  The  latter  two  industries  quick¬ 
ly  became  fiercely  competitive;  only 
the  local  operating  companies  held 
near-monopoly  positions. 
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Over  the  past  two  decades,  those  lo¬ 
cal  monopolies  have  also  been  steadily 
eroded,  and  thanks  to  the  Telecommu¬ 
nications  Act  of  1996  and  other  poli¬ 
cies,  the  largely  artificial  boundaries 
between  local  and  long-distance  ser¬ 
vices  have  blurred.  The  emergence  of 
DSL,  cable,  and  wireless  voice  and  data 
services,  as  well  as  Internet-based  of¬ 
ferings,  is  producing  a  highly  competi¬ 
tive  marketplace  where  the  eventual 
winners  are  by  no  means  clear.  Which 
one  of  those  horses  would  you  bet  on? 

Of  course,  all  is  not  perfect.  Cable 
TV  and  local  telephone  services  are 
still  too  expensive  in  some  areas,  and 
it  would  indeed  be  worrisome  if  a  re¬ 
gion’s  wired  and  wireless  services  were 
owned  by  a  single  company.  There  is 
also  the  risk  that  excessive  access 
charges  between  various  networks 
could  become  a  real  barrier  to  open 
competition.  But  these  issues  can  be 
managed  by  state  regulators,  antitrust 
overseers  and  the  marketplace.  They 
no  longer  require  a  specialized  agency 
focused  on  national  telecom  policy. 

The  idea  of  scaling  back  the  FCC  is 
not  so  much  a  cost-saving  proposition. 
By  government  standards,  the  FCC’s 
$290  million  budget  and  2,000  employ¬ 
ees  are  rounding  errors.  And  even  with 
its  primary  mandate  largely  fulfilled, 
there  are  still  areas  —  especially  spec¬ 
trum  allocation  and  international  satel¬ 
lite  coordination  —  where  the  commis¬ 
sion’s  work  remains  important. 

But  the  era  when  the  telecom  indus¬ 
try  was  viewed  as  a  highly  unusual, 
even  unique  sector  that  required  its 
own  regulatory  body  has  pretty  much 
come  to  an  end.  Consider  this  a  sign  of 
technological  progress  and  market  ma¬ 
turity.  If  nothing  else,  treating  the  tele¬ 
com  business  more  like  other  major  in¬ 
dustries  could  thin  the  legions  of  highly 
paid  lobbyists  in  the  halls  of  Congress. 
When  there  are  very  few  rules  to  write, 
there’s  not  much  for  even  the  cleverest 
of  lobbyists  to  do.  ©  52720 

JERROLD  M. 
GROCHOW 

Firewalls’ 
False  Sense 
Of  Security 

THE  Internet  front  door 
to  almost  every  bank 
and  financial  services 
company  in  the  world  is 


OPINION 


guarded  by  two  sets  of  fire¬ 
walls  defining  a  DMZ.  Near¬ 
ly  every  e-commerce  site 
sits  in  a  similar  DMZ  in 
what  has  become  the  de  fac¬ 
to  standard  in  Web  security 
architecture.  According  to 
Sun  Microsystems,  “In  to¬ 
day’s  tumultuous  times, 
having  a  sound  firewall/ 

DMZ  environment  is  your 
first  line  of  defense  against 
external  threats.”  But  I 
would  argue  that  guarding 
the  perimeter  is  lulling  or¬ 
ganizations  into  a  false 
sense  of  security  that  re¬ 
sults  in  ignoring  the  imple¬ 
mentation  of  other  security 
mechanisms  in  their  appli¬ 
cations  and  databases. 

In  contrast,  the  Internet 
front  door  to  MIT  doesn’t 
have  a  DMZ  and  pretty  much  doesn’t 
even  have  a  firewall.  Universities  begin 
with  an  assumption  that  everything  is 
open,  but  these  large  organizations  are 
arguably  no  more  vulnerable  to  exter¬ 
nal  threats  than  banks  and  financial  in¬ 
stitutions,  and  perhaps  less  vulnerable 
to  internal  threats. 

A  key  reason  for  reduced  vulnerabil¬ 
ity  is  the  approach  many  universities 
take  to  creating  authorization  and 
application-level  security  in  the  ab¬ 
sence  of  a  secure  perimeter.  For  more 
than  a  decade,  universities  have  been 
implementing  homegrown  systems 
and  working  with  vendors  to  ensure 


that  their  products  don’t 
make  assumptions  about 
working  behind  a  firewall. 
We  look  for  systems  to  in¬ 
corporate  application-level 
security  based  on  verifiable 
user  identities  —  an  ap¬ 
proach  that  continues  to 
gain  ground  as  organiza¬ 
tions  realize  that  firewalls 
alone  don’t  provide  the  lev¬ 
el  of  security  they  need  in 
today’s  world. 

In  your  own  organiza¬ 
tion,  do  you  pass  around 
unencrypted  passwords 
and  data  inside  the  firewall 
because  you  know  you’re 
behind  the  firewall?  Are 
your  application  servers 
available  to  any  request 
from  anywhere  (because 
they  are  behind  the  firewall)  or  only  to 
those  Web  servers  that  need  the  appli¬ 
cations  they  implement?  Is  everyone 
with  access  to  applications  allowed  full 
access,  or  is  each  person’s  role  (cus¬ 
tomer,  authorize^  accounts  payable 
clerk)  part  of  the  authorization  proto¬ 
col  to  applications?  These  are  some  of 
the  issues  we  must  face  once  we  realize 
that  firewalls  don’t  really  provide  full 
application  security.  After  all,  once  the 
firewall  is  breached,  the  outsider  is  in¬ 
side,  so  we  can’t  treat  all  insiders  alike. 

As  a  result,  there  is  a  growing  inter¬ 
est  in  standardizing  approaches  to 
secure  authorization  and  application 
access.  Many  security  architectures  at 


universities  (and  some  corporations) 
are  based  on  the  Kerberos  protocol 
and  software  (http:/ /web. mit.edu/ 
kerberos),  first  developed  at  MIT  in  the 
1980s  and  still  going  strong.  In  fact, 
Kerberos  is  in  the  background  of  oper¬ 
ating  systems  from  Apple,  Sun  and 
Microsoft,  but  it’s  not  yet  fully  imple¬ 
mented  in  many  commercial  applica¬ 
tions.  In  addition  to  Kerberos,  the 
Shibboleth  Project,  sponsored  by  In¬ 
ternet  2  ( http://shibboleth.internet2 . 
edu),  is  developing  software  to  attack 
the  problem  of  cross-organizational 
authentication.  The  Liberty  Alliance  is 
working  on  standards  for  cross-organi¬ 
zational  authorization  in  Web  services 
environments  (wwwprojectliberty.org). 
And  Kerberos  can  already  complement 
or  enhance  the  deployment  of  Shibbo¬ 
leth  or  Liberty  standards  as  it  evolves 
in  both  intra-  and  interorganizational 
infrastructures. 

The  problem  of  securing  the  myriad 
applications  and  databases  within 
large  organizations  isn’t  going  to  be 
solved  by  developing  increasingly  se¬ 
cure  firewall  technology.  Firewalls  can 
go  only  so  far  —  at  some  point,  you’ll 
have  to  develop  a  secure  identity 
structure  that’s  incorporated  into  each 
and  every  application.  And  projects 
such  as  Kerberos,  Shibboleth  and  Lib¬ 
erty  will  lead  the  way.  ©  52620 
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Jumping  the  Gun 
Hurts  Vendors 

I  THINK  the  free-speech  defense 
that  Dan  Gillmor  cites  in  his  col¬ 
umn  "Apple  Suit  Is  Wrong  Kind  of 
Different”  [QuickLink  52283]  is 
misplaced.  Truly,  free  speech  is 
paramount  to  a  democratic  society 
and  should  be  defended.  Specifical¬ 
ly,  journalists  play  an  important  role 
in  guarding  that  right. 

However,  publishing  product  in¬ 
formation  before  official  announce¬ 
ments  are  made  can  hardly  be  clas¬ 
sified  as  journalism.  It  provides  no 
benefit  to  the  consumer  and  serves 
only  to  harm  the  creator,  in  this  case 
Apple.  Apple,  more  than  any  com¬ 
puter  and  electronics  manufacturer, 
relies  on  creative  design  and  market 
timing  to  stay  in  business.  Being  in¬ 
novative  is  what  has  developed  the 
company’s  brand  and  created  a  loy¬ 


al  fan  base.  Having  the  details  of  up¬ 
coming  products  made  known  prior 
to  announcement  does  nothing  but 
allow  competitors  to  get  a  head  start. 

Journalism  is  a  service  to  the 
people,  to  educate,  protect  and  in¬ 
form.  Believe  me,  I  enjoy  finding  out 
about  a  new  product  or  other  piece 
of  news  before  my  friends  or  col¬ 
leagues  as  much  as  anyone,  but  this 
is  not  journalism,  and  Apple  has 
every  right  to  defend  itself. 

Aaron  Spencer 
Senior  network  engineer, 
Somers,  N.Y. 


HP  Should  Be  Quiet 

BE  CAREFUL,  Mr. Tennant, you 
might  be  showing  your  lack  of 
knowledge  concerning  corporate 
financial  reporting  requirements 
[“Disquiet.  Period.”  QuickLink 
52181],  I  suggest  you  research  the 


problem  Google  had  when  certain 
comments  were  made  prior  to  its 
initial  stock  offer.  In  matters  with  the 
SEC,  caution  is  always  the  order  of 
the  day. 

Dannis  L.  Robinson 
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Revealing  Secrets 

AGREE  with  Bruce  Schneier 

["The  Curse  of  the  Secret  Ques¬ 
tion,”  QuickLink  52479]  that  the  an¬ 
swer  to  Web  sites’  secret  questions 
are  too  easy  to  find  by  hackers. 

Worse  yet,  if  my  account  is  bro¬ 
ken  into,  the  hacker  can  often  re¬ 
view  the  secret  question  and  its  an¬ 
swer,  thus  acquiring  extra  info  about 
me,  such  as  my  mother’s  maiden 
name,  Social  Security  number  or 
birthday,  which  can  be  used  to  ac¬ 
cess  my  financial  accounts.  Al¬ 


though  biometrics  is  better,  the  se¬ 
cret  question  can  be  made  more  se¬ 
cure  by  allowing  the  user  to  create 
his  own  question,  as  many  sites  do 
now.  This  lets  me  devise  a  question 
that  only  my  closest  and  most  trust¬ 
ed  family  members  would  know. 
Gerry  Champoux 
Walled  Lake,  Mich. 
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Got  a  storage  solution 
so  good  it’s  worthy 
of  an  award? 


Nominate  it  for  the  Storage  Networking 
World  “Best  Practices  in  Storage 
Awards  Program!” 


Storage  Networking  World  (SNW),  in  conjunction  with  Computerworld 
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IT  user-organization  case  study  submissions  for  consideration  and  recognition. 
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“Best  Practices"  based  on  case  studies  highlighting  successful  or  noteworthy 
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•  Systems  Implementation 

•  Storage  Reliability  and  Data  Recovery 
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•  Innovation  and  Promise 
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their  own  in-house  deployment;  and  PR  firms  on  behalf  of  clients.  Multiple  submissions  of  case  studies  describing  different 
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Winners  will  be  featured  in  a  Computerworld  special  advertising  supplement  profiling  the  company  and  submitted  case  study. 


Submit  your  nomination  today!  The  deadline  is  Friday,  March  4th  at  9:00pm  Eastern  time. 

Complete  the  online  nomination  form  at:  www.snwusa.com  -  click  “Submit  a  Best  Practices  Case  Study” 
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"...  SNW  has  the  potential 


to  save  someone  80 
flights  a  year ...  an  optimal 
domain  for  consolidated 
interpersonal  industry 
networking  ...” 

Michael  Dugan 
Director  of  Technology, 
Forbes.com 


“...  the  premier  event  in  the 
storage  industry ..." 


Frank  Enfanto 
Vice  President, 
Operations  Delivery  & 
Information  Security, 
Blue  Cross  Blue  Shield 
of  Massachusetts 
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•  Hear  the  latest  in  enterprise  security 

•  Learn  from  best  practices  and  case  studies 

Why  You  Should  Attend 

Are  you  responsible  for  managing  your  company's  data  center  assets?  Want  to  exchange 
innovative  ideas  and  strategies  with  other  executives  who  share  the  same  objectives?  Then 
attend  Storage  Networking  World,  where  you’ll  network  with  and  learn  from  renowned  experts 
and  the  nation's  top  user  executives. 


Conference  At-a-Glance  (subject  to  change) 


For  details,  updates,  and  to  register  visit  www.snwusa.com/cw 


TUESDAY,  APRIL  12 


Registration  Open  1 1 :00am  -  8:30pm 


9:00am  -  9:30am 
9:30am  -  1 1 :30am 
1 1 :30am  -  1 :00pm 
1 2:00pm  -  5:00pm 
1 :00pm  -  5:25pm 

6:00pm  -  8:00pm 


Breakfast 

Pre-Conference  Tutorials  and  Primers 

Luncheon 

Pre-Conference  Golf  Outing 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 
SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 

Welcome  Reception 


WEDNESDAY,  APRIL  13 _ Registration  Open  7:00am  -  8:00pm 


7 : 1 5am  -8:1 5am  Breakfast 


8:1 5am  -  8:30am 
8:30am  -  9:1 5am 


Opening  Remarks 


Opening  Visionary  Presentation 

Ira  Winkler,  Expert  in  Corporate  and  Computer  Security 
Author  of  Spies  Among  Us:  How  to  Stop  the  Spies, 
Terrorists,  Hackers  and  Criminals  You  Don't  Even  Know 
You  Encounter  Every  Day 


9:1 5am  -  9:45am 
9:45am  -  1 0:1 5am 


End-User  Case  Study 


Industry  Leader  Presentation 

Ann  Livermore,  Executive  Vice  President, 
Technology  Solutions  Group,  Hewlett-Packard 


1 0:1 5am  -  1 0:30am 
1 0:30am  -  1 1 :00am 
1 1 :00am  -  1 1 :30am 
1 1 :30am  -  Noon 


Noon  -  1 2:45pm 


Break 

End-User  Case  Study 
Industry  Leader  Presentation 

End-User  Case  Study:  The  Story  (and  Storage!) 
Behind  Kodak’s  Online  Photo  Success 

Sonja  Erickson,  Vice  President,  Technical  Operations, 
Kodak  EasyShare  Gallery 

Panel  Discussion 

Moderated  by:  Jon  William  Toigo,  CEO  &  Founder, 

Toigo  Partners  International 


1 2:45pm  -  2:00pm 
2:1 0pm  -  5:40pm 

5:40pm  -  8:40pm 


Luncheon 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 
SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 

Expo  with  Dinner  and  Interoperability  &  Solutions  Demo 

•  30-plus  SNIA  member  companies  collaborating  on  integrated  solutions 

•  Opportunity  to  meet  leading  experts  and  engineers 


For  more  information  and  to  register,  visit  www.snwusa.com/cw  or  call  1-800-883-9090 


For  more  information  and  to  register,  visit  www.snwusa.com/cw  or  call  1-800-883-9090 


J 


THURSDAY,  APRIL  14 


Registration  Open  7:00am  -  6:00pm 


7:15am  -  8:15am 
8:1 5am  -  8:30am 
8:30am  -  9:1 5am 
9:1 5am  -  9:45am 
9:45am  -  1 0:1  5am 


Breakfast 

Opening  Remarks 
Opening  Visionary  Presentation 
Industry  Leader  Presentation 
End-User  Case  Study 

Bob  Logan,  Vice  President,  Enterprise  Infrastructure  Services,  SAIC 


1 0:1 5am  -  1 0:30am 
1 0:30am  -  1  1 :00am 
1 1 :00am  -  1  1 :30am 

1 1 :30am  -  Noon 
Noon  -  1 2:45pm 


12:45pm  -  2:00pm 

2:1 0pm  -  5:40pm 
2:1 0pm  -  5:40pm 

4:00pm  -  7:00pm 

7:00pm  -  9:30pm 


Break 

Industry  Leader  Presentation 

End-User  Case  Study 

Sasan  Hamidi,  CSO,  Interval  International 

ry  Leader  Presentation 
End-User  Panel 

Moderated  by:  Steve  Duplessie,  Founder  &  Senior  Analyst, 
Enterprise  Strategy  Group 

Luncheon 

w  IDC  Storage  Analyst  Briefing 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 
SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 
Expo  Open 

•  Cocktail  Reception  in  Expo  begins  at  5:30pm 

Gala  Evening  with  Dinner  &  Entertainment 


FRIDAY,  APRIL  15 


Registration  Open  7:30am  -  10:00am 


7:30am  -  1 0:00am 
8:30am  -  1 2:30pm 

1 2:30pm 


Continental  Breakfast 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 
SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 

Conference  Concludes 


at  SNW,  you  connect 
with  folks  you  normally 
wouldn’t  meet  and 
capitalize  on  the 
serendipitous  exchange 
of  ideas  ...” 

HJohn  Seely  Brown 
former  director,  Xerox 
Palo  Alto  Research 
Center  (PARC),  and 
former  chief  scientist, 
Xerox 


“...  SNW  is  a  great  venue 
for  peer  discussion  ...  an 
opportunity  to  provide 
feedback  to  vendors  on 
what  users  need  from 
them  ...” 

John  Greer 
Director, 

IT  Infrastructure, 
Pacific  Gas  &  Electric 


The  Wildfire  Golf  Club, 
Faldo  Course 

Phoenix,  Arizona 


Pre-Conference  Golf  Outing 

Complimentary  for  Registered  IT  End-Users 

The  Pre-Conference  Golf  Outing  at  The  SPONSORED  BY 
Wildfire  Golf  Club,  Faldo  Course  located  at  Quantum 

the  JW  Marriott  Desert  Ridge  Resort,  is  - 

complimentary  ($165  value)  for  registered  IT  End-Users  (other 
participants,  including  sponsors  and  vendors,  may  play  on  an 
“as  available”  basis  and  are  responsible  for  all  applicable  golf 
outing  expenses), 

For  details  contact  Chris  Leger  at  1  -508-820-8277 


JW  Marriott 
Desert  Ridge  Resort 

Phoenix,  Arizona 


Hotel  Reservations  and  Travel  Services 


Global  Odysseys  is  the  official  travel  company 
for  Storage  Networking  World.  They  are  your 
one-stop  shop  for  exclusive  discounted  rates 

on  hotel  accommodations.  - 

To  reserve  your  accommodations,  visit:  www.etcentral.com 
You  can  also  call  our  conference  housing  line  at:  1-888-254-1597 


April  12-15,  2005  •  JW  Marriott  Desert  Ridge  Resort  •  Phoenix,  Arizona 


^-SNIA 


STORAGE 

NETWORKING 


WORLD 

COMPUTERWORLD 

April  12-15,  2005 
JW  Marriott 
Desert  Ridge  Resort 
Phoenix,  Arizona 


Application  for  Conference  Registration 

Fax  this  completed  application  to  1  -508-820-8254  or  apply  online  at:  www.snwusa.com/cw 


Your  business  card  is 
REQUIRED 

to  process  your  application 

Please  affix  your  business  card  to  this  space  prior  to 
submitting  your  application.  Applications  submitted 
without  business  cards  will  not  be  processed. 

Questions?  Call  1-800-883-9090 


If  not  indicated  on  your  business  card, 
please  provide  the  following  required 
information: 


Corporate  Email  Address 


Corporate  Website 

Registration  questions? 

Call  1  -800-883-9090  or  email 
snwreg@computerworld.com 

Need  accommodations? 

Reserve  them  at:  www.etcentral.com 

Or  call  1-888-254-1597 
or  email:  eventhousing@globalodysseys.com 


Please  check  ONE  of  the  following: 


Earlybird  Registration  (through  February  28,  2005) 


Full/Onsite  Registration  (after  February  28,  2005) 


□  I  am  an  IT  End-User* 

(Complete  Attendee  Profile  below) 


□  $895  General  Conference  Package  (April  1 3  &  14) 

(includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 

□  $1,290  Total  4-Day  Package  (April  12,  13,  14,  15) 

(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


□  $1,295  General  Conference  Package  (April  13  &  14) 

(includes  General  Conference  Sessions,  Expo,  Meais  &  Receptions) 

□  $1,690  Total  4-Day  Package  (April  12,  13,  14,  15) 
(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/lease  hardware/software/services,  etc  from  our  conference  sponsors  and  are  not  themselves  an  IT  vendor.  As  such, 
account  representatives,  business  development  personnel,  analysts,  consultants  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization  are  excluded  from  the  “IT  End-User"  designation.  Interpretation  and  enforcement  of 
this  policy  are  at  the  sole  discretion  of  Computerworld. 


□  I  am  a  Channel  Partner/ 
Integrator/Consultant 

(Complete  Attendee  Profile  below) 


□  $3,000  Total  4-Day  Package  (April  12,  13.  14,  15) 
(includes  General  Conference;  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNiA  Certification  “Test-Ready"  Courses) 


□  $3,500  Total  4-Day  Package  (April  12,  13,  14,  15) 

(includes  General  Conference;  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA  Certification  "Test-Ready"  Courses) 


By  participating  in  SNWs  Channel  Partner/Integrator  registration  package,  registrants  may  enjoy  the  following  benefits:  One  company  representative  may  receive  a  full  conference  pass  to  SNW  Spring  2005;  additional  company 
representatives  pay  $695  each  for  full  conference  passes;  company  may  invite  up  to  five  IT  User  customers  to  attend  SNW  Spring(IT  Users  must  be  strictly  compliant  with  IT  User  definition  on  the  supplied  registration  form); 
companies  registering  for  this  package  interested  in  joining  the  SNIA  are  eligible  to  receive  a  $2,000  discount  provided  that  membership  is  applied  for  prior  to  March  1 , 2005. 


Attendee  Profile:  This  section  MUST  be  completed  by  IT  End-Users  and  Channel  Partners/Integrators/Consultants  only  (optional  for  all  other  registrations)  in  order  to  process  your  application. 


Your  Business/Industry 

□  Aerospace 

□  Manufacturing  &  Process  Industries  (non-computer  related) 

□  Finance/Banking/ Accounting 

□  Insurance/Real  Estate/Legal  Sevices 

□  Government:  Federal  (including  Military) 

□  Government:  State  or  Local 

□  Health/Medical/Dental  Services 

□  Retailer/Wholesaler/Distributor  (non-computer  related) 

□  Transportation/Utilrties 

□  Communication  Carriers 
(ISP,  Telecom,  Data  Comm,  TV/Cable) 

□  Construction/Architecture/Engineering 

□  Data  Processing  Services 

□  Education 

□  Agriculture/Forestry/Fisheries 

□  Mining/Oil/Gas 

□  Travel/Hospitality/Recreation/Entertainment 

□  Publishing/Broadcast/ Advertising/ 

Public  Relations/Marketing 

□  Research/Development  Lab 

□  Business  Services/Consultant  (non-computer  related) 

□  Manufacturing  of  Computers,  Communications, 

Peripheral  Equipment  or  Software 


Your  Job  Title/Function: 

IT  MANAGEMENT 

□  CIO,  CTO,  CSO 

□  Executive  VP,  Senior  VP 

□  Vice  President 

□  Director 

□  Manager/Other  IT  Manager 

□  Supervisor 

BUSINESS  MANAGEMENT 

□  CEO,  COO,  Chairman,  President 

□  CFO,  Controller,  Treasurer 

□  Executive  VP,  Senior  VP,  VP,  General  Manager 

□  Director,  Manager 

□  Other  Corporate/Business  Manager 

Number  of  employees  in  your  entire  organization 
(ALL  locations) 

□  20,000  or  more 

□  10,000-  19,999 

□  5,000  -  9,999 

□  1,000-4,999 

□  500  -  999 

□  100-499 

□  50  -  99 

□  Less  than  50 


What  is  your  organization's  annual  IT/IS  budget 
for  ail  IT/IS  products? 

□  $  1  Billion  or  more 

□  $500  Million  -  $999.9  Million 

□  $100  Million  -  $499.9  Million 

□  $50  Million  -  $99.9  Million 

□  $10  Million  -  $49.9  Million 

□  $1  Million  -  $9.9  Million 

□  $500,000  -  $999,999 

□  $250,000  -  $499,999 

□  $100,000 -$249,999 

□  Less  than  $  1 00,000 

What  is  the  estimated  annuai  revenue  of 
your  entire  organization? 

□  Over  $10  Billion 

□  $  1  Billion  -  $9.9  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  Less  than  $  1 00  Million 


The  one  item  that  best  describes  your  involvement  in 
the  IT  purchase  process 

□  Authorize/approve  purchase 

□  Evaluate/recommend  products,  brands,  vendors 

□  Specify  features/technical  requirements 

□  Set  budget  for  expenditures 

□  Determine  need  to  purchase 

□  Create  IT  strategy 

□  All  of  the  above 

Would  you  like  to  receive  information  about  playing  in 
the  golf  outing  on  Tuesday,  April  1 2th? 

□  Yes 

□  No 

Do  you  need  hotel  accomodations? 

□  Yes  (please  visit  www.etcentral.com  to  reserve) 

□  No 

Would  you  like  to  receive  a  complimentary 
subscription  to  Computerworld? 

□  Yes 

□  No 


I  |  My  company  is  Sponsoring/ 
Exhibiting  at  SNW 


□  $895  (through  February  28,  2005) 

General  Conference  Package  (April  1 3  &  14) 

(includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 

□  $1,290  Total  4-Day  Package  (April  12,  13,  14,  15) 

(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


□  $1,295  (after  February  28,  2005) 

General  Conference  Package  (April  1 3  &  14) 

(includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 

□  $1,690  Total  4-Day  Package  (April  12,  13,  14,  15) 
(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


As  a  sponsor,  you  may  be  eligible  to  attend  using  a  registration  provided  with  your  sponsorship.  (If  those  registrations  have  already  been  assigned/used,  then  you  may  register  at  the  prevailing  rates  above.)  See 
the  current  list  of  sponsors  at  www.snwusa.com.  Questions?  Call  1  -800-883-9090  or  email  snwreg@computerworld.com. 


□ 


I  am  a  representative  of  a  Non-Sponsoring  IT  Vendor  Company 

□  $5,000  Business  Development  Professional  Package  for  Sales,  Marketing  and  Business  Development  Professionals  (includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 


Vendors  are  encouraged  to  participate  in  Storage  Networking  World  through  sponsorship.  (Details  are  available  by 
calling  Ann  Harris  at  508-8208667.)  Alternatively,  vendors  (as  well  as  other  “non-IT  end-user”  professionals  as 
defined  by  Computerworld),  may  apply  for  registration  at  the  “non-sponsoring  vendor”  rate  of  $5,000.  Determination 
of  what  constitutes  a  “non-sponsoring  vendor*  registration  is  made  exclusively  by  Computerworld. 

Please  call  888-239-4505  with  questions. 


□  I  am  a  Financial/Equity  Analyst 

□  $1,290  (through  February  28,  2005) 
General  Conference  Package 
(includes  General  Conference  Sessions, 
Expo,  Meals  &  Receptions) 


and/or  Venture  Capital  Professional 

□  $1,690  (after  February  28,  2005) 
General  Conference  Package 
(includes  General  Conference  Sessions, 
Expo,  Meals  &  Receptions) 


□  I  am  a  qualified  member  of  the  press.  I  can  verify  my  press  credentials. 
Press  should  call  Marenghi  Public  Relations  at  1-781-915-5000  to  register. 

Please  fax  this  completed  application  to  1-508-820-8254 


Payment  Method 

□  Check  (checks  must  be  received  by  March  21 , 2005  payable  to:  Computerworld) 
Mail  to:  Computerworld,  Attn:  Michael  Meleedy,  One  Speen  Street,  Framingham,  MA  01701 

□  American  Express  □  VISA  □  MasterCard 

Account  Number: _ 

Expiration  Date: _ 

Card  Holder  Name: _ 

Signature  of  Card  Holder:  _ 

Cancellation  Policy  (All  of  the  following  require  written  notification  by  March  2 1 ,  2005.) 

In  the  event  of  cancellation,  the  registrant  has  three  options: 

1)  He  or  she  may  substitute  another  attendee  for  this  conference. 

2)  He  or  she  may  transfer  this  registration  to  the  Storage  Networking  World  Fall  2005  conference. 

3)  The  registration  fee  will  be  refunded,  less  a  $250  service  charge  (if  written  notice  is  received  by  March  21, 2005). 

Please  send  cancellation  requests  via  email  to:  snwreg@computerworld.com 


Endgame  for  Tru64 

Tru64  users  have  no  choice  but 
to  plot  a  road  map  away  from 
Hewlett-Packard’s  Unix  system. 
Some  will  move  to  HP-UX,  but 
others  may  have  to  explore 
other  options.  Page  32 


SECURITY  MANAGER’S  JOURNAL 

Assessing  a  New 
App  Infrastructure 

Mathias  Thurman  must  assess  his 
company’s  architecture,  systems  and 
applications  before  going  live  with 
an  Oracle  lli  deployment.  Page  33 


FUTURE  WATCH 

Computation  Comes  to  Life 

Researchers  such  as  MIT’s  Thomas  Knight 
(left)  are  taking  the  marriage  of  computer 
science  and  biology  to  a  new  level,  turning 
cells  into  living  computers  with  programma¬ 
ble  DNA  and  biochemical  memories.  Page  28 


BUSINESS  TO 


leaders  like  Dell  Inc.  inside  the 
data  center  for  general-purpose 
applications  such  as  e-mail  and 
Web  serving. 


I  Where’s  Mac? 

a  Not  surprisingly,  according  to  re- 
i  a  search  from  New  York-based  Trend- 
ij*.  a  Watch,  83%  of  graphic  designers,  77%  of 
^La  corporate  design  departments  and  65% 
of  advertising  agencies  rely  on  Macintosh 
a  computers.  And  publishers  also  continue  to 
f  depend  on  Apple’s  machines. 

Kim  Vichitrananda,  a  desktop  support  engi¬ 
neer  for  800  PCs  and  250  Macs  at  The  Dallas 
Morning  News,  acknowledges  that  Windows  has 
comparable  applications  for  the  publishing  mar¬ 
ket.  But,  she  says,  “those  applications  don’t  run 
as  robustly  on  Windows.  They’re  not  as  fast  or 
as  seamless  as  on  the  Mac.  We  could  not  replace 
Macs  for  PCs.” 

At  The  Home  Depot  Inc.,  senior  engineer  Bruce 
Covey  evaluated  only  Mac  options  when  he  up¬ 
graded  his  video  production  equipment  at  the  com¬ 
pany’s  corporate  headquarters  in  Atlanta.  “We  nev¬ 
er  considered  the  PC  option,  because  it  can’t  do 
what  the  Mac  does  in  video  production,”  he  says. 

Home  Depot’s  video  group  standardized  on 
dual-processor  Mac  G5  desktop  machines  with 
2GB  of  RAM  accessing  4TB  of  storage  on  Xserve 
RAID  storage.  Covey  uses  Apple’s  Final  Cut  Pro 
as  his  editing  application. 


Last  month,  Brandchannel.com  dubbed 

Apple  Computer  Inc.  the  “brand  with  * 
the  most  global  impact.”  But  you’d  ^ 

never  know  it  by  looking  at  corporate 
desktops  today. 

Windows  machines  are  the  undisputed  personal 
computers  of  choice  for  corporate  IT,  the  biggest 
single  market  for  PCs.  Research  conducted  by 
Framingham,  Mass.-based  IDC  underscores  the 
fact.  IDC  ranked  the  maker  of  Macintosh  ma¬ 
chines  No.  10  on  its  market-share  list  in  2004,  two 
spots  behind  the  Chinese  company  Lenovo  Group 
Ltd.  —  and  the  list  was  prepared  before  Lenovo’s 
planned  acquisition  of  IBM’s  PC  unit. 

Yet  despite  significant  efforts  by  Windows  sup¬ 
pliers,  Apple  still  remains  a  dominant  player  in 
vertical  market  segments  such  as  publishing  and 
digital  media.  And  with  the  growing  popularity  of 
its  low-cost  Xserve  Unix  servers,  Apple  has  an  op¬ 
portunity  to  compete  head-to-head  with  industry 


Macs  are  still  going 
strong  in  the  graph¬ 
ics  and  digital  media 
markets.  And  now 
Xserve  may  help 
Apple  make  inroads 
in  the  data  center  as 
well.  BY  MARK  HALL 
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His  team  also  depends  on  outside 
freelance  talent  to  produce  nearly  300 
10-to-45-minute  videos  every  year  on 
everything  from  CEO  commentaries 
shot  in  the  corporate  studio  to  forklift- 
safety  programs  filmed  in  warehouses. 
Covey  says  the  “lion’s  share”  of  free¬ 
lance  video  talent  “depend  on  Macs,” 
so  he  does,  too. 

Mac  Is  Unix 

Apple’s  embrace  of  Unix  in  its  Mac  OS 
X  operating  system  gave  the  company 
a  big  boost  among  scientists  who  need 
hefty  processing  capabilities.  Bill  Van 
Etten,  who  does  genetic  research  at  the 
University  of  Pittsburgh,  attributes  the 
Mac’s  star  power  among  scientists  to 
the  computer’s  ease  of  use,  a  broad  set 
of  scientific  applications  available  for 
the  Mac  and,  most  important,  its  Unix- 
based  operating  system. 

“As  a  life-science  researcher,  I  sim¬ 
ply  have  no  use  for  an  operating  sys¬ 
tem  that  isn’t  Unix,”  says  Van  Etten. 

In  fact,  OS  X  isn’t  just  Unix  but,  with 
the  exception  of  its  user-interface  and 
management  tools  code,  it’s  open- 
source  Unix.  (The  source  code  is  locat¬ 
ed  at  www.opendarwin.org.)  Apple 
integrates  and  specifically  tunes  its 
hardware  for  an  additional  80  open- 
source  projects,  such  as  Apache, 
MySQL  and  JBoss  for  the  Mac. 

The  Unix  application  software  avail¬ 
able  for  Macs  is  another  benefit  touted 
by  users.  “There  are  a  ton  of  Unix  apps 
designed  for  research,”  says  Ben  Hanes, 
senior  systems  analyst  at  Children’s 
Hospital  of  Oakland  Research  Institute 
(CHORD,  which  is  one  of  the  top  10 
recipients  of  research  grants  from 
the  National  Institutes  of  Health. 

Van  Etten  acknowledges  that  “it  is 
technically  possible  to  get  something 
for  a  Unix  environment  to  run  on  Win¬ 
dows.  [And]  these  applications  might 
work  sometimes,  but  it’s  slow,  awk¬ 
ward  and  problematic.” 

At  the  Broad  Institute  for  bioscience 
research  in  Cambridge,  Mass.,  Stan 
Diamond,  team  leader  for  desktop  sup¬ 
port,  says  95%  of  the  servers  in  the  in¬ 
stitute’s  data  center  are  Unix-based. 
About  20%  of  those  are  Macs. 

It’s  doubtful  that  Oracle  Corp.  would 
have  decided  to  port  its  Oracle  lOg 
database  to  the  Mac  if  the  platform 
didn’t  have  a  Unix  core.  “We  see  value 
in  OS  X,”  says  Sanjay  Sadhu,  director 
of  worldwide  alliances  and  channels 
at  the  database  giant.  “It’s  a  great  new 
enhancement.”  He  adds  that  Oracle 
hopes  to  exploit  Apple’s  strong  posi¬ 
tion  in  the  sciences  and  in  creative 
and  education  markets. 

In  fact,  Oracle  has  installed  Xserves 


in  its  data  center  to  run  its  Oracle  Col¬ 
laboration  Suite  for  e-mail,  voice  mail 
and  calendaring  for  4,000  employees. 

And  Oracle  is  probably  saving  mon¬ 
ey  doing  so.  Apple’s  dirt-cheap  dual¬ 
processor  Xserve  competes  favorably 
against  Dell’s  PowerEdge  1850.  The 
latter,  loaded  with  dual  2.8-GHz  Intel 
Xeon  processors  and  2GB  of  memory 
with  600GB  of  SCSI-based  storage  and 
a  25-user  Windows  license,  rang  up  at 
$12,717  last  month  on  Dell’s  Web  site. 
An  Xserve  with  two  2.3-GHz  PowerPC 
G5  processors,  2GB  of  RAM,  580GB 
of  ATA  storage  and  unlimited  OS  X 
clients  is  a  pittance  in  comparison, 
at  $6,299. 

Even  running  Linux,  the  Xserves  are 
cheaper.  And  that’s  part  of  the  reason 
the  University  of  Pittsburgh’s  Van  Et¬ 
ten,  a  Linux  fan,  opted  for  Xserves  in 
his  120-node  server  cluster.  The  Mac 
is  suddenly  and  uncharacteristically 
a  low-cost  option  for  IT  shops. 

A  Safer  Option 

At  Genentech  Inc.,  a  multibillion- 
dollar  biotechnology  firm  in  South  San 
Francisco,  Mark  Jeffries  oversees  near¬ 
ly  2,500  Macs.  The  senior  systems  spe¬ 
cialist  says  the  OS  X  machines  are 
used  “for  various  purposes,”  from  sci¬ 
entists  doing  pure  research  to  execu¬ 
tives  toying  with  spreadsheets. 

According  to  Jeffries,  the  Mac’s 
place  in  the  market  today  is  the  result 
in  large  measure  to  Windows-centric 
IT  shops  that  “have  always  been  trying 
to  find  some  reason  to  get  rid  of  Macs.” 
But  he  doesn’t  believe  that  the  Mac  is 
destined  to  remain  locked  in  a  few  ver¬ 
tical  segments,  because  of  recent  shifts 
in  the  technology  landscape. 

First,  as  Web  services  applications 
replace  client/server  software,  Win¬ 
dows  dependencies  in  an  application’s 
business  logic  disappear,  as  does  the 
requirement  for  Windows  machines. 

The  second  shift,  says  Jeffries,  is 


malware.  He  remembers  a  virus  that 
shut  down  operations  at  a  couple  of 
his  company’s  competitors  in  2003 
because  of  their  total  dependency  on 
Windows  while  Genentech’s  business 
continued  unaffected.  He  says  the 
company’s  top  executives  took  note 
of  that  event,  and  it  reaffirmed  their 
commitment  to  the  Mac. 

“The  Mac  is  secure,  if  not  bullet¬ 
proof,”  Jeffries  says.  That’s  because  OS 
X  was  developed  after  the  widespread 
adoption  of  the  Internet,  so  Apple  “de¬ 
signed  it  to  be  secure  by  default.” 

“Windows  was  designed  for  fea¬ 
tures,  not  security,”  he  adds. 

Across  San  Francisco  Bay  at  CHORI, 
Hanes  concurs.  “Macs  are  safer,”  he 
says.  “When  we  get  a  virus,  it’s  because 
someone  attached  a  Windows  laptop 
to  the  network.” 

Hanes,  who  estimates  that  CHORES 
hundreds  of  machines  are  evenly  split 
between  Macs  and  Windows,  deploys 
Macs  as  his  secure  front  line  to  the 
outside  world.  He  has  set  up  CHORES 
mail  and  Web  servers  on  OS  X  sys- 


The  iPod  Factor 


APPLE’S  RECENT  emphasis  on  consumer 
gadgets  and  services  such  as  the  iPod  and 
[Junes  are  boosting  its  position  in  the  home 
computing  market.  According  to  research 
by  Minneapolis-based  financial  services 
firm  Piper  Jaffray  &  Co.,  6%  of  Windows 
users  who  bought  iPods  have  switched  to 
Macs,  and  7%  more  plan  to  make  the  jump. 

Kim  Vichitrananda,  a  desktop  support 
engineer  at  The  Dallas  Morning  News, 
says  the  iPod  helps  Apple  not  only  in  the 


market,  but  with  its  bottom  line,  as  it  did 
in  the  most  recent  quarter,  when  Apple 
reported  record  profits.  “It  does  tremen¬ 
dous  things  for  name  recognition  [among] 
users  of  both  platforms,”  she  says. 

And,  says  Stuart  Wilkes,  technical  di¬ 
rector  of  Iscentia  Ltd.,  a  Fortune  500 
consultancy  in  Worcestershire,  England, 
Apple’s  sound  finances  mean  that  “the 
Mac  is  not  a  risky  investment  anymore.” 

-Mark  Hall 


terns.  Any  malware,  particularly  mail- 
borne  viruses,  gets  stopped  there 
before  reaching  the  network.  “If  it’s 
touching  the  Internet,  it’s  safer  on  a 
Mac,”  he  concludes. 

Most  Mac  technical  support  person¬ 
nel  argue  that  the  machines  are  far 
simpler  to  manage  than  Windows  box¬ 
es.  For  example,  when  Genentech  went 
through  a  recent  upgrade  on  both  its 
Mac  and  Windows  systems,  one  tech¬ 
nician  could  completely  upgrade  six 
OS  X  machines  per  day,  while  on  the 
Windows  side,  one  person  could  com¬ 
plete  only  two  or  sometimes  three  PCs 
each  day.  And  for  the  entire  company, 
seven  technicians  handle  nearly  2,500 
Macintoshes. 

Eighty  percent  of  Digital  Strata  Inc.’s 
business  is  Windows  users.  Dan  Fis- 
chler,  president  of  the  Scotts  Valley, 
Calif. -based  IT  consultancy,  estimates 
that  one  tech  support  person  can  man¬ 
age  50  to  75  Macs,  whereas  ideally, 
there  should  be  one  for  every  20  to 
25  Windows  PCs. 

That’s  because  of  the  high  level  of 
integration  between  the  hardware  and 
the  software  in  a  Mac,  suggests  Gary 
Winterboer,  IT  support  engineer  at 
AeroVironment  Inc.,  an  aerospace  de¬ 
sign  firm  in  Monrovia,  Calif.  For  exam¬ 
ple,  Apple  includes  its  Server  Assistant 
tool,  which  sets  up  an  Xserve  machine 
with  a  single  click.  And  the  Server  Ad¬ 
min  tool  lets  users  turn  individual  fea¬ 
tures  on  or  off  with  a  mouse  click. 

No  one  expects  Macs  to  displace 
Windows  as  the  desktop  of  choice  for 
general-purpose  computing.  But  Apple 
has  deflected  intense  competition  in 
its  core  vertical  markets.  And,  for  the 
first  time,  it’s  becoming  a  credible  con¬ 
tender  as  an  alternative  for  servers  in¬ 
side  the  data  center.  ©  52603 


THE  LOW-COST  ALTERNATIVE? 


THE  COMPARISON  BELOW  SUGGESTS  THAT  CORPORATE  IT  SHOULD 
SERIOUSLY  EVALUATE  APPLE’S  DUAL-PROCESSOR  XSERVE. 


DELL  POWEREDGE  1850 

■  Dual  2.8-GHz  Intel  Xeon  processors 

■  2GB  of  memory 

■  600GB  of  SCSI-based  storage 

■  25-user  Windows  license 

COST:  512,717  (JANUARY) 
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APPLE  XSERVE 

■  Two  2.3-GHz  PowerPC  G5  processors 

■  2GB  of  RAM 

■  580GB  of  ATA  storage 

■  Unlimited  Mac  OS  X  clients 

COST:  $6,299  (JANUARY) 


For  your  next  generation  of  applieations,  move 
to  the  next  generation  of  database  technology. 

We’re  offering  a  free,  fully  functional,  non-expiring 
copy  of  Cache,  the  post-relational  database  that 
uniquely  combines  advanced  objects  and  high 
performance  SQL. 

With  Cache,  no  mapping  is  required  between 
object  and  relational  views  of  data.  Which  means 
huge  savings  in  both  development  and  processing 
time. 

Applications  built  on  Cache  are  massively  scalable 
and  lightning- fast.  Plus,  they  require  minimal  or  no 
database  administration. 

More  than  just  a  database  system,  Cache 
incorporates  a  powerful  Web  application  development 


environment  that  dramatically  reduces  the  time  to 
build  and  modify  applications. 

Cache  is  so  reliable,  it’s  the  world’s  leading 
database  in  healthcare  -  and  it  powers  enterprise 
applications  in  financial  services,  government  and 
many  other  sectors.  With  its  high  reliability,  high 
performance  and  low  maintenance,  Cache  delivers 
your  vision  of  a  better  database. 

We  are  InterSystems  -  a  specialist  in  ciata 
management  for  over  twenty-six  years,  providing 
24x7  support  to  4  million  users  in  88  countries. 
Cache  is  available  for  Windows,  OpenVMS,  Linux, 
Mac  OS  X  and  major  LTNIX  platforms,  and  it  is 
deployed  on  systems  ranging  from  two  to  over 
50,000  simultaneous  users. 


InterSystems  /• 

in  CACHE 

Make  Applications  Faster 

Try  a  better  database.  For  free. 

Download  a  free,  fully  functional,  non-expiring  copy  of  Cache  or  request  it  on  CD  at  www.InterSvstems.com/Free 


©  2005  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Cache  is  a  registered  trademark  of  InterSystems  Corporation.  1-05  RobFrceCWorld05 
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SOMEDAY,  OUR  MOST 
SOPHISTICATED 
CHIP  FABS  COULD 
BE  LIVING  CELLS. 

BY  GARY  H.  ANTHES 


For  years  biologists  have  used  computer 
models  and  high-performance  computers 
to  simulate  and  understand  living  proc¬ 
esses.  More  recently,  computer  scientists 
have  drawn  inspiration  from  biology  to 
immunize  information  systems  against  malware  and 
to  create  algorithms  that  mutate  without  human 
intervention.  In  all  such  cases,  the  underlying  com¬ 
puter  architecture  has  remained  traditional  and 
unremarkable  —  software  running  on  silicon-based 
digital  processors. 

But  now  researchers  are  taking  the  marriage 
of  computer  science  and  biology  to  a  remarkable 
new  level,  turning  cells  into  living  computers  with 
programmable  DNA  and  biochemical  memories, 
sensors,  actuators  and  intercellular  communication 
mechanisms. 

MIT  researcher  Thomas  Knight  is  a  pioneer  in  the 
field,  which  he  calls  “synthetic  biology.”  “In  1992,  it 
became  clear  to  me  that  the  end  of  the  road  was 
coming  for  silicon,”  says  Knight,  who  was  a  designer 
of  integrated  circuits  at  the  time.  “We  would  have  to 
shift  from  electronics  and  physics  to  an  approach  in 
which  chemistry  is  the  fundamental  technology.  And 
the  most  sophisticated  chemistry  is  biochemistry.” 

SHRINKING  TARGETS 

Chip-making  processes  today  place  atoms  of  silicon 
and  dopants  —  impurities  added  to  define  the  chip’s 
electrical  properties  —  crudely  but  well  enough  to 
make  the  chips  work.  As  circuits  shrink,  however,  it’s 
getting  harder  to  put  the  atoms,  particularly  the 
dopant  atoms,  in  exactly  the  right  places. 

But  biological  processes  for  millions  of  years  have 
been  able  to  place  single  molecules  and  atoms  in  pre¬ 
cisely  the  right  order  and  locations.  “Cells  are  good 
at  building  things  —  the  most  sophisticated  factories 

we  have,”  Knight  says.  “We  as  engineers  have  _ 

no  clue  at  all  how  to  do  that.” 

Rather  than  wait  centuries  for  conventional 
engineering  to  catch  up,  Knight  and  re¬ 
searchers  at  a  handful  of  universities  want  to 
ride  on  the  back  of  biology  or,  more  precisely, 
inside  the  cell.  Knight  and  a  group  of  graduate 
students  are  building  a  tool  kit  of  what  they  call 
BioBricks,  standard  parts  that  can  be  used  to  build 
programmable  organisms. 

Each  of  some  400  BioBricks  is  housed  in  a  little 
vial  of  liquid  containing  copies  of  a  carefully  chosen 
and  well-understood  section  of  DNA.  Each  DNA 


COMES  TO 


FUTURE 

WATCH® 


fragment  can  mimic  in  some  way  the  operations  of 
conventional  computer  circuits.  BioBricks  can  be 
used  individually  to  perform  very  simple  tasks,  or 
they  can  be  spliced  together  to  do  higher-level  work. 
They  allow  someone  to  build  programmable  organ¬ 
isms  without  understanding  the  underlying  biology. 

There  are  BioBricks  that  act  as  logic  gates,  per- 

_  forming  simple  Boolean  operations  such  as 

AND,  NOT,  NOT  AND,  OR,  NOT  OR 
and  so  on.  For  example,  the  AND  BioBrick 
generates  an  output  signal  when  it  gets  a 
biochemical  signal  from  both  its  inputs, 
whereas  an  OR  BioBrick  produces  a  signal  if 
it  gets  a  signal  from  either  input. 

These  biological  components  work  extremely 
slowly  by  the  standards  of  conventional  computers, 
performing  their  functions  in  seconds  or  minutes 
rather  than  nanoseconds,  and  Knight  says  they  are 
unlikely  ever  to  exceed  millisecond-level  perfor¬ 
mance.  “But  that  doesn’t  mean  you  couldn’t  use  bio¬ 


logical  components  to  produce,  say,  carbon  nano¬ 
tubes,”  he  says,  that  in  turn  could  be  used  to  build 
molecular-scale  high-performance  computers. 

Or,  Knight  says,  it’s  possible  that  living  factories 
made  from  BioBricks  could  help  build  ultradense 
silicon  chips  by  placing  the  troublesome  dopant 
atoms  at  just  the  right  points  on  a  silicon  lattice. 

Ron  Weiss,  a  former  student  of  Knight’s  and  now  a 
professor  of  electrical  engineering  and  molecular  bi¬ 
ology  at  Princeton  University,  is  working  on  digital 
logic  inside  cells  and  intercellular  communications. 
He  says  it  will  be  a  long  time  before  synthetic  biol¬ 
ogy  contributes  directly  to  computer  science.  “But 
eventually  we  might  come  up  with  an  abstraction 
that  allows  you  to  program  billions  of  little  biological 
computing  elements  that  are  not  robust  at  all  and 
don’t  have  a  lot  of  resources,”  Weiss  says,  “and  that 
might  be  a  useful  paradigm  for  programming  certain 
kinds  of  silicon-based  computational  devices.” 

SMART  PLANTS,  AND  MORE 

Scientists  at  the  University  of  Alberta  in  Edmonton 
are  trying  to  develop  a  plant  whose  leaf  shape  or 
flower  color  changes  when  a  land  mine  is  buried  be¬ 
low  it.  Roots  would  have  to  be  genetically  altered  to 
detect  explosives  traces  in  the  soil  and  to  communi¬ 
cate  that  information  to  the  leaves  or  flowers. 

That  will  require  some  kind  of  sensor  circuits  in 
the  plants’  root  cells,  plus  an  actuator  circuit  in  the 
leaf  or  flower  cells,  with  little  real  computation  in 
between.  But,  Knight  says,  one  can  imagine  more- 
sophisticated  computational  engines  inside  a  plant’s 
cell  that  would,  for  example,  cause  the  plant  to 
bloom  on  Mother’s  Day  or  prepare  itself  for  frost  or 
drought  based  on  warnings  input  by  human  weather 
forecasters.  “What’s  noteworthy  about  that  kind  of 
computation  is  not  that  it’s  wimpy  and  slow,  but  that 
it’s  in  a  special  place  —  inside  the  cell,”  he  says. 

But  he’s  clearly  uncomfortable  speculating  about 
miraculous  applications  of  synthetic  biology.  A  great 
deal  of  effort  must  first  go  into  developing  the  kinds 
of  design  and  measurement  tools  and  methods  that 
conventional  engineers  take  for  granted.  “It’s  boring, 
tedious  work,  but  it’s  extremely  important,”  he  says. 

The  ability  of  biological  circuits  to  self-replicate 
makes  synthetic  biology  unique  among  all  engineer¬ 
ing  disciplines,  Knight  says.  “Tremendous  power 
comes  from  that,  and  some  dangers,”  he  says. 

Researchers  at  MIT  are  limiting  their  work  to  two 
kinds  of  agents.  The  first  are  natural  agents  that  are 
100%  safe,  and  the  second  are  engineered  organisms 
“not  known  to  consistently  cause  disease  in  healthy 
adult  humans,”  the  government’s  definition  of 
Biosafety  Level  1  on  its  four-level  scale  of  infection 
dangers.  And,  Knight  adds,  his  work  involves  simpli¬ 
fying  organisms,  not  adding  features  that  could  make 
them  dangerous. 

The  greater  danger  in  synthetic  biology,  Knight 
says,  comes  from  the  possibility  that  others  will  ex¬ 
ploit  it  for  evil  purposes.  “All  powerful  technologies 
are  dangerous,  and  we  - 

are  creating  a  powerful  niPITAI  PEI  I Q 
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“Our  best  defense  is  our  Programmed  cells  could  one  day 
r  ^  provide  an  early-warning  system 

ability  to  do  it  faster,  for  infections. 
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restrictions  and  exclusions  may  apply.  For  complete  warranty  details,  call  1-800-345-1518  (U.S.).  4.  48-month  implicit  lease  rate,  assuming  lessee  does  not  exercise  a  fair-market-value  purchase  option  at  the  end  of  the  lease  term  and  timely  returns  the  leased  equipment 
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Greening 

BusinessApps 

Satya  Nadella  leads  Microsoft’s  efforts 
to  uncouple  corporate  applications  to  make 
them  easier  to  deploy  and  integrate. 


With  a  dozen  years’  ex¬ 
perience  at  Microsoft 
Corp.,  SATYA  NADELLA 
has  been  put  in  charge 
of  the  company’s  Proj¬ 
ect  Green  initiative, 
which  was  first  an¬ 
nounced  in  2003.  The 
aim  of  the  project  is  to 
rearchitect  Microsoft’s 
business  application 
offerings  under  a  common,  service- 
oriented  architecture. 

In  a  conversation  with  Computer- 
world’s  Robert  Mitchell,  Nadella  dis¬ 
cussed  where  Project  Green  stands 
now,  outlined  the  road  map  for  the  ini¬ 
tiative  —  which  he  stressed  is  all  about 
“sequential  progress”  and  not  “big- 
bang  deployments”  —  and  explained 
Microsoft’s  take  on  “loosely  coupled” 
computing.  Nadella  also  described 
how  Microsoft  is  developing  its  offer¬ 
ings  for  midmarket  users. 

With  Microsoft  CRM  and  acquisitions,  you 
have  all  the  elements  of  a  midmarket  ERP 
suite.  Is  that  the  plan?  We  got  into  this 
business  through  a  series  of  acquisi¬ 
tions,  and  we  did  some  homegrown 
development,  such  as  Microsoft  CRM. 
We  have  ERP  products,  Microsoft  CRM 
and  our  small-business  applications 
that  are  part  of  Microsoft  Office.  In 
ERP,  we  have  Great  Plains,  Axapta, 
Solomon,  Navision  —  those  are  the  four 
major  ERP  brands  for  the  midmarket. 

How  will  these  products  evolve?  People 
want  things  to  be  simpler,  more  flexi¬ 
ble,  and  they  want  to  drive  down  the 
total  cost.  But  they  also  want  lots  of 
features  within  a  given  business  do¬ 
main.  To  make  sense  of  all  this,  we  first 
developed  what  we  call  the  customer 
model.  It  has  three  elements.  The  first 
is  people.  [Users]  need  a  bridge  be¬ 
tween  their  ad  hoc  communications 


and  their  more  structured,  transaction¬ 
al  work.  The  second  thing  is  . . .  busi¬ 
ness  process  complexity  as  defined  by 
looking  at  an  org  chart.  The  number  of 
people  in  a  department  sets  the  com¬ 
plexity,  as  opposed  to  the  company  size. 

The  last  part  is  what  we  call  work,  or 
process.  People  in  departments  are 
working  on  some  business  process. 

How  will  the  move  toward  a  service-oriented 
architecture  affect  these  programs?  We 

found  five  horizontal  attributes  that 
customers  are  asking  for.  The  first  one 
is  that  end  users  want  simpler,  task- 
oriented,  role-based  user  interfaces 
that  will  help  them  navigate  through 
information  models  they  already  have. 
Great  Plains  or  Solomon  have  a  pretty 
robust  data  model  and  object  model 
underneath,  but  what  [the  user]  is  real¬ 
ly  saying  is,  “How  are  you  going  to 
help  me  get  to  the  data  I  want?” 

The  next  [attribute]  is  business  in¬ 
sight.  Yes,  they  want  reports,  but  small 
and  medium-sized  businesses  are  real¬ 
ly  managed  by  exception.  We  call  it 
operational  BI. 

The  third  piece  is  [being]  connected. 
There  is  no  such  thing  as  a  business 
application,  an  ERP  application,  living 
in  isolation.  The  first  level  is  to  be  able 
to  open  up  our  systems  using  Web 
services  so  you  allow  for  these  com¬ 
posite  applications  that  can  be  built  in 
a  loosely  coupled  fashion  using  the 
new  trends  of  SOA. 

So  the  way  we  integrate  between 
CRM  and  ERP  is  through  an  SOA- 
based  approach  to  integration,  which  is 
a  loosely  coupled,  asynchronous  way 
to  bring  these  systems  together. 

The  next  [attribute]  is  what  we  call 
adaptive  process.  All  business  applica¬ 
tions  today  have  gobs  and  gobs  of  busi¬ 
ness  logic  in  code.  The  problem  is, 
business  processes  are  not  static.  What 
we’ve  found  is  that  in  time,  any  busi¬ 


ness  application  gets  out  of  sync  with 
the  actual  process  in  the  physical 
world,  and  that  causes  a  lot  of  pain. 

The  real  Holy  Grail  is  to  be  able  to 
take  this  thing  that  is  written  in  code 
today  and  put  it  into  a  more  modeled 
form.  The  [next  challenge]  is,  how 
do  we  go  into  the  system  and  start 
putting  in  models  so  we  can  increase 
the  longevity  of  the  system,  and  more 
importantly,  how  can  we  make  the  sys¬ 
tem  more  adaptive  to  change? 

The  last  piece  is  the  process  centric- 
ity  in  our  application  design.  That’s 
where  we’re  going,  and  that  anchors 
our  vision. 

Is  this  where  Project  Green  fits  in?  Project 
Green  is  one  of  those  things  that  with 
a  little  help  from  us  gets  written  up  as 
different  things  by  different  people. 
Project  Green  is  a  bunch  of  research 
we’re  doing  on  those  design  pillars  I 
talked  about.  It  is  also  actual  product 
delivery  of  that  research  in  the  context 
of  releases  of  Great  Plains  or  Navision 
or  CRM.  Project  Green  is  showing  up 
in  our  products  today.  When  we  start 
taking  the  innards  of  the  business  logic 
of  these  apps  and  start  putting  models 
on  them,  putting  them  on  a  single 
model,  that’s  when  you’ll  start  to  see  us 
having  a  convergence  of  our  core  code. 

So,  what  is  the  product  road  map  for  Project 
Green?  Our  road  map  is  not  this  big 
bang  —  “here  is  a  new  product  and  go, 
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all  of  you,  migrate  to  it.”  Our  road  map 
is  all  about  sequential  progress  on  these 
five  design  pillars.  You  can  measure 
[our  progress]  by  the  last  release  we 
did,  and  every  24  to  36  months  we’ll 
have  another  one. 

How  far  are  you  willing  to  go  with  compo- 
nentization  and  disaggregation  of  Microsoft’s 
business  applications?  We  absolutely  be¬ 
lieve  in  componentization  and  disag¬ 
gregation  that  doesn’t  break  the  final 
assembly.  Just  saying,  “Let’s  take  SOA 
and  apply  it  mindlessly  to  the  entire 
core  application”  [doesn’t  work].  At  the 
end  of  the  day,  there  is  a  screen  in  front 
of  the  end  user  where  he  wants  to  be 
able  to  post  a  transaction.  You  have  to 
draw  the  granularity  boundaries  very 
well.  Otherwise,  you  just  have  compo¬ 
nents  that  can’t  be  assembled. 

Won’t  this  approach  lead  to  commoditization 
of  software  components?  The  most  im¬ 
portant  thing  to  me  from  a  componen¬ 
tization  perspective  is  it  allows  me  to 
make  the  systems  I  have  much  more 
agile  to  change.  And  that’s  the  reality 
of  business  applications. 

What  challenges  does  this  world  of  compo- 
nentized  applications  present?  Is  a  Web 

services  description  an  API,  or  is  it  not 
an  API?  If  people  assume  Web  services 
are  just  APIs,  you  call  them  like  you 
called  them  in  the  past,  then  you  build 
systems  that  are  no  different. 

You  have  to  build  more  message- 
oriented  systems.  You  now  need  to 
think  through  the  workflow  and  con¬ 
trol  logic  in  your  applications  so  that 
you’re  resilient  to  message  passing. 

You  can’t  have  the  control  flow  of 
your  code  be  completely  sequential 
and  synchronous.  You  have  to  have  a 
workflow,  and  you  have  to  be  in  sync 
with  it.  That’s  a  big  mental  shift. 

Be  careful,  too,  where  you  want  to  be 
asynchronous  and  message-oriented. 
You  can’t  do  a  final  transaction  post  in 
a  journal  in  that  form,  because  if  you 
start  doing  that,  you  really  are  going  to 
create  all  kinds  of  issues  in  terms  of 
distributed  transaction  control  and 
also  the  user  experience. 

Will  componentization  enable  users  to  go 
to  best-of-breed  applications  and  mix  and 
match,  since  presumably  the  integration 
costs  will  be  less  to  do  so?  I  believe  . . .  we 
will  have  more  systems  deployed  in  a 
decentralized  fashion,  and  they  will  be 
easier  to  deploy  and  integrate.  If  they 
are  not  easier  to  integrate,  it’s  easier  for 
users  to  just  buy  one  system.  The  beast 
that  needs  to  be  tamed  in  this  case  is  all 
about  integration  cost.  ©  52262 


Who  was  selected  as  best  in  Bl? 


Siebel  Business  Analytics 
Best  Business  Intelligence  Application 
2004  RealWare®  Award  Winner 


Siebel  Business  Analytics  received  the  most  prestigious  Bl  award  because  unlike 
traditional  Bl  vendors,  Siebel  meets  the  new  business  demands  of  enterprise  Bl. 
Siebel  delivers  richer,  real-time  intelligence  for  everyone  across  your  enterprise. 
Working  seamlessly  with  your  existing  systems  and  data  warehouses,  Siebel's  mission- 
critical  Bl  architecture  supports  multi-terabytes  of  data  and  thousands  of  users. 
And  Siebel's  pre-built  solutions  embed  industry-specific  best  practices  that  are 
flexible,  quickly  implemented,  and  deliver  low  TCO. 

To  learn  more,  visit  www.siebel.com/realware 
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With  the  Unix  operating  system  on  its  way  out, 
along  with  the  Alpha  hardware  it  runs  on,  Tru64  users 
must  examine  their  options.  By  Patrick  Thibodeau 

Endgame 

™lm64 


TRU64  HISTORY 


Landmark  dates: 


1988:  Open 

Software  Foun- 
dation  develops  ^ " 
0SF/1  Unix. 

1992:  Digital 
Equipment  Corp. 
takes  over  sys¬ 
tem  and  calls  it 
Digital  Unix. 

jr 

1999:  Digital  is 
acquired  by  Com¬ 
paq,  renames 
system  Tru64. 

2002:  HP  ac¬ 
quires  Compaq, 
sets  new  product 
road  maps. 

HP’S  PLAN 

Tru64:  Updated  version 
due  in  2005.  HP  has  since 
announced  a  new  version 
update  for  2006  as  well. 

Alpha:  HP  will  sell  Tru64 
Unix  AlphaServer  systems 
until  at  least  2006,  with 
support  until  at  least  2011. 

Engineering  support: 

For  Tru64  v4.0F  and  v4.0G 
was  extended  last  year 
until  June  30, 2007. 


HEN  TODD  ACHENSON, 
Internet  systems  man¬ 
ager  at  Ohio  Universi¬ 
ty,  spent  more  than 
$300,000  on  two  high- 
end  Alpha  servers  in 
December,  he  also  got 
something  else:  more 
time  for  his  Tru64  Unix  environment. 

Like  all  Tru64  users,  Achenson  is 
facing  a  deadline.  Hewlett-Packard  Co. 
is  discontinuing  the  Tru64  operating 
system  and  the  Alpha  server  hardware 
it  runs  on.  The  double  blow  means  that 
users  must  move  applications  to  new 
operating  systems  and  hardware  plat¬ 
forms.  But  users  who  say  Tru64’s  relia¬ 
bility,  clustering  and  file  management 
capabilities  are  second  to  none  believe 
that  they’ll  be  trading  down  no  matter 
what  migration  path  they  take. 

HP  will  stop  releasing  new  versions 
of  Tru64  in  December  2006  but  contin¬ 
ue  support  through  at  least  2011.  The 
company  released  its  final  chip  upgrade 
for  Alpha  servers  last  year  but  will  con¬ 
tinue  to  sell  the  servers  through  2006. 

Exploring  Options 

Many  users  are  still  deciding  on  a  mi¬ 
gration  path,  according  to  some  con¬ 
sultants  and  vendors  who  work  with 
Tru64  customers. 

“We’re  just  biding  our  time  and  look¬ 
ing  at  options,”  says  Achenson,  who  has 
not  decided  on  a  migration  path  for 
critical  network  services  managed  by 
his  30  Alpha  servers.  He  believes  the 
two  new  servers  will  give  the  25,000- 
student  university  in  Athens,  Ohio,  up 
to  two  years  of  breathing  room. 

“I  think  the  market  is  still  grappling 
with  it,”  says  Vic  Ahmed,  CEO  of  Par¬ 
sec  Group  Inc.,  a  Denver-based  con¬ 
sulting  and  training  firm  that  is  en¬ 
couraging  users  to  migrate  to  Open- 
VMS,  which  also  has  strong  clustering 
capabilities.  OpenVMS  runs  on  Alpha, 
but  HP  recently  ported  it  to  Itanium. 
“There  is  still  a  pretty  robust  customer 
base  on  Tru64,  and  they  are  fairly  hap¬ 
py  with  it,”  Ahmed  says. 

But  some  users  weren’t  happy  with 
HP’s  decision.  “It’s  just  a  very  big  dis¬ 
appointment,”  says  Nikola  Milutinovic, 
Unix  systems  administrator  at  EPS  JP 
Elektrovojvodina  in  Novi  Sad,  Serbia. 
The  power  company  has  decided  on  a 
Linux  and  Windows  path  for  its  Tru64 
applications. 

Achenson  had  been  considering  HP- 
UX,  HP’s  recommended  migration  path, 
but  reconsidered  when  HP  announced 
in  December  that  it  was  dropping  plans 
to  move  Tru64  clustering  and  file  man¬ 
agement  technology  to  HP-UX. 

“That’s  been  a  big  loss  for  us,”  says 


Achenson.  “The  True64  customers  have 
been  left  high  and  dry.” 

Instead,  HP  announced  an  agreement 
with  Veritas  Software  Corp.  to  integrate 
similar  clustering  technology  in  HP-UX, 
says  Mary  Ellen  Lewandowski,  a  senior 
product  manager  for  Tru64.  She  sees 
the  changes  as  an  improvement  in  the 
Tru64  road  map,  not  a  setback. 

For  instance,  the  decision  improves 
the  clustering  technology,  allowing 
management  of  multiple  clusters,  which 
Tru64  doesn’t  have,  says  Lewandowski. 
“Our  commitment  to  our  customers  is 
to  make  sure  they  have  the  best  road 
map  there  is,”  she  says. 

Tru64  traces  its  origins  to  1988  and 


was  owned  for  most  of  its  life  by  Digi¬ 
tal  Equipment  Corp.  (see  diagram). 
Digital  was  later  acquired  by  Compaq 
Computer  Corp.,  which  merged  with 
HP  in  2002.  HP  quickly  decided  to  re¬ 
tire  Tru64.  “You  need  to  have  one  Unix 
that  you  are  focused  on,  and  HP-UX  is 
a  rock-solid  Unix,”  says  Lewandowski. 

However  HP  justified  the  demise  of 
Tru64,  it  was  still  difficult  news  for 
many  users,  such  as  the  IT  staff  at 
BECU,  formerly  known  as  the  Boeing 
Employees  Credit  Union.  The  Seattle- 
based  firm  is  one  of  the  largest  credit 
unions  in  the  U.S.,  with  some  $5  billion 
in  assets  and  nearly  400,000  members. 

BECU  had  been  an  Alpha  shop  for 


more  than  a  decade,  running  Open¬ 
VMS,  but  the  credit  union  was  under¬ 
going  a  major  upgrade  in  2000  and 
2001  that  included  a  move  to  an  Oracle 
database  it  wanted  to  run  on  Tru64 
Unix. 

HP’s  decision  was  hard  to  take,  says 
Scott  Wolfe,  enterprise  architect  at 
BECU.  “We  felt  like  we  went  out  on  a 
limb  to  introduce  Tru64,  as  opposed 
to  other  operating  systems  that  had  a 
larger  customer  base,”  he  says. 

In  BECU’s  search  for  new  platforms, 
IT  infrastructure  director  Jim  Ratch- 
ford  told  his  team  members  that  they 
“weren’t  beholden”  to  HP  and  could 
look  at  other  Unix  systems. 

BECU  wasn’t  happy  with  HP’s  move, 
but  decision-makers  felt  that  HP  would 
go  the  extra  step  to  ensure  that  the 
credit  union’s  migration  was  success¬ 
ful  —  and  they  may  have  been  right. 

For  instance,  after  deciding  to  move  to 
Integrity  Itanium-based  servers,  BECU’s 
project  faced  a  major  delay  because 
Quest  Software  Inc.’s  database  replica¬ 
tion  software  hadn’t  been  tested  for  Ita¬ 
nium.  Quest’s  CEO  called  HP  and  got 
the  testing  environment  he  needed  to 
keep  the  credit  union’s  project  on 
schedule,  says  Ratchford,  who  felt  HP’s 
fast  response  was  an  indication  of  the 
vendor’s  support. 

Dwindling  Support 

Another  reason  Tru64  users  will  have 
to  move  off  the  system  sooner  rather 
than  later  is  dwindling  independent 
software  vendor  support. 

Some  vendors  are  applying  HP’s 
road  map  to  their  own  products.  For 
example,  Fairfax  Va.-based  Datatel  Inc. 
makes  an  ERP  package  used  in  higher 
education  that  runs  on  Tru64.  It  hopes 
to  have  most  of  its  users  off  the  operat¬ 
ing  system  by  the  end  of  2006,  says 
John  Van  Weeren,  technology  product 
manager.  The  vendor  also  supports 
IBM  AIX,  Sun  Solaris,  HP-UX  and 
Microsoft  Windows  and  plans  to 
support  Red  Hat  Linux  this  year. 

Datatel  user  Bucks  County  Commu¬ 
nity  College  in  Newtown,  Pa.,  moved 
to  HP-UX  last  year  from  Tru64.  Doug 
Burak,  server  network  security  manag¬ 
er,  says  many  of  the  reasons  for  stick¬ 
ing  with  HP  were  business-related. 
The  college  has  a  long  history  with 
Tru64,  as  well  as  with  HP  systems  gen¬ 
erally,  and  believes  HP  will  support  its 
products. 

Kenneth  Farmer,  a  former  systems 
administrator  who  operates  the 
Tru64.org  user  forum,  expects  users 
will  continue  running  the  system  “up 
until  the  very  end,  until  they  stop  sup¬ 
porting  it.”  ©  52601 
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Assessing  a  New 
App  Infrastructure 


Before  Web-based  applications  can  be 
deployed,  our  security  manager  has  to  find 
the  vulnerabilities.  By  Mathias  Thurman 


For  several  months, 
my  company  has  been 
upgrading  to  Oracle  Hi. 
This  is  no  trivial  task, 
since  we  have  dozens  of  criti¬ 
cal  revenue-generating  appli¬ 
cations  that  depend  upon  a 
successful  upgrade  and  migra¬ 
tion.  A  couple  of  weeks  ago, 
the  applications  were  ready  to 
go  live,  and  it  was  time  for  me 
to  conduct  a  security  assess¬ 
ment  and  mitigate 
any  critical  issues. 

Oracle  Hi  provides 
for  an  Internet-based 
application  infra¬ 
structure.  Previously, 
we  had  to  use  mainly 
client-based  applica¬ 
tions.  That  was  always  a  prob¬ 
lem,  because  it  required  each 
user  to  download  and  install 
the  software  he  needed.  Many 
users  ended  up  with  a  dozen 
or  so  applications  on  their 
workstations,  leading  to  per¬ 
formance  problems  and  trou¬ 
bles  when  there  were  up¬ 
grades  or  patches. 

Now  we  will  have  a  single 
Web-based  interface  into  the 
various  modules  users  may 
need.  A  user  in  the  finance  de¬ 
partment,  for  example,  can 
click  on  a  link  that  will  take 
him  to  the  accounts  receiv¬ 
able,  general  ledger  or  ac¬ 
counts  payable  applications, 
assuming  he  has  access  clear¬ 
ance.  Other  employees  will  be 
able  to  enter  expense  reports 
or  procure  equipment  from  a 
single  browser  window. 

Of  course,  new  deployments 
always  require  an  assessment. 
In  this  case,  this  is  even  more 
critical,  since  vulnerabilities 
are  typically  more  prevalent  in 
Web-based  applications. 

Our  practice  is  to  divide  our 
assessments  into  three  core 


areas:  architecture,  system  and 
application. 

As  part  of  the  architecture 
audit,  we  typically  obtain  all 
network  diagrams,  flowcharts, 
firewall  rules,  lists  of  adminis¬ 
trators  and  accounts,  and  so 
on.  We  then  take  a  rule-of- 
least-privilege  approach.  For 
example,  when  we  understand 
how  each  application  interacts 
with  other  areas  of  the  infra¬ 
structure,  we  ensure 
that  firewall  rules 
allow  for  nothing 
more  or  less  than 
the  proper  opera¬ 
tion.  We  then  look  at 
the  manner  in  which 
privileged  accounts 
are  identified,  managed  and 
audited,  making  sure  that 
users  are  configured  with  the 
appropriate  permissions  ac¬ 
cording  to  function. 

Next  is  the  system  audit. 
This  entails  running  a  variety 
of  commercial  and  open- 
source  tools  against  each  sys¬ 
tem  to  ensure  that  they’re  in¬ 
stalled  without  deviation  from 
our  security  baseline  and  that 
administrators  haven’t  made 
modifications  that  might  leave 
a  system  vulnerable.  For  ex¬ 
ample,  administrators  some¬ 
times  create  a  “.rhosts”  file  in 
their  home  directory  and 
place  a  “+”  in  that  file.  The 
.rhosts  file  allows  the  admin  to 


The  application 
audits  always  seem 
to  generate  the  brunt 
of  the  work. 


connect  to  the  server  with 
utilities  such  as  rlogin  without 
supplying  a  password,  but  a 
“+”  in  that  file  lets  anyone  con¬ 
nect  to  the  server  without  a 
password.  It’s  convenient  for 
the  admin,  but  it’s  a  security 
no-no.  Just  prior  to  going  live, 
we  run  a  comprehensive  script 
that  checks  each  system  for 
the  presence  of  such  files,  as 
well  as  for  file  permissions,  ac¬ 
counts,  password  policy,  cron 
jobs,  applications,  patches  and 
so  on.  We  know  what  a  base¬ 
line  system  should  look  like, 
and  any  deviations  are  noted. 
Once  we’ve  run  the  script,  we 
take  a  snapshot  of  the  system 
using  a  tool  from  Portland, 
Ore.-based  Tripwire  Inc. 

We  also  use  Nessus,  an 
open-source  port  scanner,  to 
find  vulnerable  services,  such 
as  one  that  is  running  but  isn’t 
needed  or  is  outdated. 

The  Hard  Part 

The  application  audit  is  prob¬ 
ably  the  most  critical  element 
of  our  assessment.  We  have  a 
pretty  good  handle  on  server 
hardware  and  operating  sys¬ 
tem  configurations,  since 
those  are  fairly  static  environ¬ 
ments.  Any  deviations  can  be 
detected  via  Tripwire  and  at¬ 
tended  to  accordingly.  Appli¬ 
cations  are  the  Wild  West  in 
comparison.  We  have  hun¬ 
dreds  of  developers  around 
the  world  who  all  create  appli¬ 
cations  based  on  different 
methodologies  and  coding 
techniques.  Although  we 
would  like  to  develop  some 
standardization,  that’s  difficult 
in  a  big  company  with  a  lot  of 
development  done  offshore. 

For  this  stage,  we  again  use 
both  commercial  and  open- 
source  tools.  We  currently  use 
Weblnspect  from  Atlanta- 
based  SPI  Dynamics  Inc.  to 
crawl  through  a  Web  site  and 
look  for  dozens  of  Web  server 
and  application  vulnerabilities 
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such  as  SQL  injection,  cross¬ 
site  scripting  and  authentica¬ 
tion  bypass  attacks. 

The  results  of  the  assess¬ 
ment  were  mixed.  For  the 
most  part,  the  servers  were 
configured  within  a  previous¬ 
ly  defined  baseline,  with  only 
a  few  deviations.  In  one  case,  a 
user  enabled  FTP  on  the  serv¬ 
er  because  he  was  too  lazy  to 
use  Secure  Copy  to  move  files. 
On  a  few  other  servers,  the  ad¬ 
ministrator  configured  the 
system  so  that  he  could  direct¬ 
ly  log  in  as  Root. 

But  the  application  audits 
always  seem  to  generate  the 
most  work.  In  this  case,  almost 
every  application  server  had 
SQL  injection  vulnerabilities. 

A  SQL  injection  attack  allows 
a  hacker  to  submit  database 
commands  through  a  form  or 
via  a  URL  that  can  be  execut¬ 
ed  by  the  database.  The  fix  in¬ 
volves  enabling  the  applica¬ 
tion  to  recognize  when  these 
malicious  requests  are  being 
submitted  and  to  then  reject 
them.  This  is  also  termed 
input  validation. 

In  addition  to  the  SQL  injec¬ 
tion  vulnerabilities,  develop¬ 
ers  had  included  sensitive  in¬ 
formation  in  the  Comments 
fields  of  several  scripts,  and 
several  Dynamo  Application 
administration  servers  were 
configured  with  a  default  ad¬ 
min  password. 

There  also  were  some  mi¬ 
nor  Web  server  vulnerabili¬ 
ties,  such  as  the  ability  to  enu¬ 
merate  directories  and  view 
the  contents  of  certain  files, 
which  could  give  a  hacker 
valuable  information. 

The  next  step  is  to  present 
these  findings  to  the  project 
managers  and  put  together  a 
mitigation  plan.  Once  the  plan 
is  executed  and  the  vulnerabil¬ 
ities  are  removed,  we’ll  con¬ 
duct  a  new  assessment  to  en¬ 
sure  that  there  are  no  more 
open  issues  before  we  go  live.  I 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real  securi¬ 
ty  manager,  “Mathias  Thurman,”  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias. 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 

c  computerworld.com/secjournal 
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Security  Bookshelf 

■  Troubleshooting  Linux  Fire¬ 
walls,  by  Michael  Shinn  and 
Scott  Shinn  (Addison-Wesley 
Professional,  2004). 

Despite  the  title,  I  -  T1 

found  this  book  bet¬ 
ter  suited  as  a  how-to 
guide  for  building 
Linux-based  fire¬ 
walls.  If  you’re  looking 
for  a  robust  firewall 
but  don’t  want  to  buy  a 
commercial  product, 

Linux  is  for  you.  And  you’ll 
want  to  pick  up  this  book, 
which  describes  the  planning, 
designing  and  building  of 
Linux-based  firewalls.  The  au¬ 
thors'  expertise  is  immediately 
apparent,  from  a  nicely  writ¬ 
ten  overview  of  IPTABLES  and 
NETFILTER  to  command-line 
arguments  and  step-by-step 
procedures.  Especially  useful 
are  their  frequent  suggestions, 
explanations  of  tools  and  sam¬ 
ple  firewall  rules  with  detailed 
explanations. 

-  Mathias  Thurman 


Laptops  Stolen 
From  Contractor 

U.S.  government  contractor 
Science  Applications  Interna¬ 
tional  Corp.  last  week  reported 
that  laptop  computers  contain¬ 
ing  personal  information  about 
the  company’s  stockholders 
were  stolen  during  a  break-in 
at  its  corporate  offices  in  San 
Diego.  The  Jan.  25  incident 
occurred  in  a  building  that 
houses  administrative  staff, 
so  the  company’s  outsourcing 
business  wasn’t  affected, 
according  to  SAIC  officials. 

Worm  Shows  Up 
On  U.S.  Phones 

The  Cabir  worm,  which  infects 
mobile  phones  running  Sym¬ 
bian  OS  with  the  Series  60 
user  interface,  has  surfaced 
in  the  U.S.  A  Symantec  Corp. 
engineer  spotted  two  Nokia 
handsets  with  a  variant  of  the 
worm  on  display  in  a  shop  win¬ 
dow  in  Santa  Monica,  Calif., 
according  to  Mikko  Hypponen, 
director  of  antivirus  research 
at  F-Secure  Corp. 
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Informatica  Unveils 
Integration  App 

■  Data  integration  software  maker 
Informatica  Corp.  has  announced 
the  PowerCenter  Advanced  Edi¬ 
tion  integration  system.  The 
application  bundles  together 
metadata  management  and  data 
visualization  technology,  accord¬ 
ing  to  the  Redwood  City,  Calif.- 
based  company.  PowerCenter 
Advanced  Edition  ships  March  1. 
Pricing  starts  at  S180.000. 


NEC  Releases 
Midrange  Server 

■  NEC  Solutions  (America)  Inc.  in 
Santa  Clara,  Calif.,  has  unveiled 
the  Express5800/320Lc  midrange 
server.  The  product  combines 
software  monitoring  tools  and  a 
hardware  fault-tolerant  system  in 
one  server.  It  includes  redundant 
virtual  I/O  drivers  for  instant  fail¬ 
over  and  support  for  dynamic  re¬ 
synchronization  of  memory  and 
processors,  NEC  said.  The  server, 
available  now,  starts  at  $24,999. 


Novell  Initiates 
Open-Source  Effort 

■  Waltham,  Mass.-based  Novell 
Inc.  has  established  a  community 
project  called  Hula  to  create  an 
open-source  collaboration  server. 
The  server  will  provide  calendar 
and  e-mail  functionality.  Hula  will 
be  based  on  code  taken  from 
Novell’s  NetMail  collaboration 
server  product.  Novell  contrib¬ 
uted  more  than  200,000  lines  of 
source  code  to  launch  the  effort. 


Hitachi  Upgrades 
Management  Suite 

■  Hitachi  Data  Systems  Corp.  has 
announced  enhancements  to  its 
HiCommand  suite  of  management 
products,  including  advanced  sup¬ 
port  for  Windows  Server  2003. 
Hitachi  also  has  improved  mea¬ 
surement,  analysis  and  diagnostic 
capabilities  and  added  support  for 
logical  partitions,  including  exter¬ 
nal  storage  on  the  Hitachi  Tagma- 
Store  Universal  Storage  Platform. 
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Two  Sides  of 
Vulnerability  Scanning 


There  are  two  approaches  to  network 
vulnerability  scanning,  active  and  passive. 
The  active  approach  encompasses  every¬ 
thing  an  organization  does  to  foil  system 
breaches,  while  the  passive  (or  monitor¬ 
ing)  approach  entails  all  the  ways  the  organization 
oversees  system  security.  When  making  buying  deci¬ 


sions  for  your  organization, 
it’s  a  mistake  to  think  that 
you  have  to  choose  be¬ 
tween  the  two  types  of 
protection. 

The  passive  approach 
allows  security  personnel 
to  monitor  which  operating 
systems  are  in  use;  what  is 
being  sent  to,  from  and 
within  the  system;  which 
services  are  available;  and 
where  parts  of  the  system 
may  be  vulnerable  to 
security  threats.  The  active  approach, 
on  the  other  hand,  offers  much  infor¬ 
mation  about  system  and  application 
vulnerabilities. 

Active  scanning  tools  are  used 
where  constant  vigilance  is  required. 
They  have  a  specific  area  of  focus  that 
the  product  is  programmed  to  monitor. 
(And  they  are  sometimes  configured 
to  prevent  particular  situations  as  well, 
such  as  the  use  of  USB  key  chains  on  a 
network.)  Their  core  monitoring  func¬ 
tionality  is  generally  very  rigid  and 
can’t  be  easily  customized  or  extended. 

When  an  organization  uses  the  pas¬ 
sive  approach  in  scanning  its  LAN,  the 
information  obtained  will  normally 
include  data  pertaining  to  the  hosts 
in  the  network  —  which  ports  are 
open,  which  software  versions  are 
being  maintained  and  which  services 
are  running. 

There  is  a  huge  potential  with  pas¬ 
sive  analysis  because  it  allows  you  to 
assess  the  vulnerability  of  your  soft¬ 


ware  without  interfering 
with  the  client  or  server. 
This  technology  facilitates 
IT  asset  management, 
since  it  allows  an  IT  man¬ 
ager  to  instantly  get  a  list 
of  which  users  are  running 
vulnerable  copies  of  cer¬ 
tain  software  programs. 

When  combined  with 
passive  vulnerability  scan¬ 
ning,  an  active  scan  can 
help  provide  a  more 
complete  picture  of  the 
software  load-out  on  client-side  sys¬ 
tems,  as  well  as  on  servers.  In  short, 
the  two  types  of  scanners  complement 
each  other. 

When  it  comes  to  selecting  the 
right  passive  scanning  product  for 
your  organization,  there  is  no  shortage 
of  options.  Tenable  Network  Security, 
for  example,  offers  a  product  called 
NeVO.  The  NeVO  vulnerability  moni¬ 
tor  can  determine  what’s  happening 
on  your  network  without  having  to 
actively  scan  it.  NeVO  runs  24/7  and 
helps  uncover  whether  any  new  hosts, 
ports,  services  or  vulnerabilities 
have  suddenly  appeared  since  the 
last  active  scan  of  the  network  was 
performed.  Although  NeVO  uses  its 
own  pattern  matching  and  signature 
language  to  detect  potential  threats, 
Tenable  does  publish  new  NeVO  sig¬ 
natures  regularly,  allowing  you  to  easi¬ 
ly  keep  this  product  up  to  date. 

Guardian  Digital’s  flagship  operat¬ 
ing  platform,  EnGarde  Secure  Linux,  is 
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another  example  of  a  passive  security 
tool  with  intrusion-detection  capabili¬ 
ties  to  assist  users  in  pinpointing  secu¬ 
rity  threats.  Guardian  also  offers  the 
Internet  Defense  and  Detection  Sys¬ 
tem,  which  the  company  claims  is  the 
first  open-source  IDS  application  to 
provide  both  enhanced  intrusion- 
detection  and  -prevention  capabilities 
in  one  system. 

Highly  customizable  software  such 
as  GFI  Software’s  LANguard  Network 
Security  Scanner  is  another  example 
of  a  passive  scanner  that  can  unearth  a 
wide  range  of  security  issues  on  your 
computer  network.  GFI  also  produces 
an  active  scanner  called  the  LAN¬ 
guard  Portable  Storage  Control,  which 
is  best  applied  to  plug  holes  in  very 
specific  areas  that  have  been  identi¬ 
fied  by  the  passive  scanner  tools. 

When  deciding  which  approach  to 
use  on  your  network,  remember  that 
the  key  difference  between  the  two  ap¬ 
proaches  to  security  is  action.  Passive 
security  involves  providing  notifica¬ 
tion  of  potential  security  issues,  yet  it 
allows  those  issues  to  continue  until 
the  administrator  takes  action.  An  ac¬ 
tive  security  system,  on  the  other 
hand,  alerts  administrators  of  any  is¬ 
sues  in  question  and  also  takes  mea¬ 
sures  to  prevent  them  from  causing 
damage,  such  as  blocking  the  offend¬ 
ing  IP  address  or  closing  off  the  port. 

The  bottom  line  is  that  passive  scan¬ 
ning  in  systems  can  expose  a  lot  of 
information  about  all  aspects  of  the 
system  in  normal  communications 
without  intruding  upon  operations. 
Active  scanning  has  the  potential  to 
discover  more  information,  and  when 
combined  with  passive  scanning,  it 
gives  a  more  complete  picture.  The 
wise  IT  manager  will  use  both.  ©  52611 
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The  Business  Case  for  Linux 

New  Project  Perils 

Career  Watch 

Building  a  formal  business  case 
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City  CIOs  are 
using  hot  new 
technologies  to 
raise  revenue  - 
and  IT s  status. 

BY  MATT 
HAMBLEN 


fter  years  of  operating  out  of  the 
limelight,  city  CIOs  are  taking  starring 
roles  as  municipal  governments  begin 
launching  new  technologies  to  cut 
costs  or  earn  revenue. 

The  job  market  for  city  CIOs  is  heating  up,  but  the 
required  skills  reach  far  beyond  technology.  To  sell 
their  governments  and  the  public  on  new  ideas  like 
wireless  broadband,  municipal  CIOs  also  need  sharp 
communication  skills  and  political  know-how. 

“Street  smarts  are  needed,”  says  Dianah  Neff,  CIO 
for  the  city  of  Philadelphia.  City  CIOs  today  “need  to 
be  more  political,  absolutely,”  she  adds. 

Neff  survived  a  major  political  battle  last  year  over 
city-provided  wireless  hot  zones  that  would  compete 
with  offerings  from  private-sector  carriers.  “Politics 
was  never  in  any  of  our  training  agendas  to  become 
CIOs,”  she  says,  “but  [being  politically  savvy]  is  more 
of  our  job  today.” 

BEYOND  TECHNOLOGY 

Cities  are  looking  for  CIOs  who  are  politically  astute, 
have  an  eye  on  security,  can  improve  city  services 
such  as  public  safety  with  a  limited  budget  and  can 
keep  IT  costs  down,  says  Adam  Kohn,  vice  chairman 
of  Christian  &  Timbers,  an  executive  recruitment 
firm  in  New  York.  “It’s  a  big  job,  and  if  the  city  CIO 
messes  up,  it  can  be  a  public  nightmare,”  he  adds. 

Neff  knows  the  dangers.  Last  fall,  she  had  what  she 
calls  an  “unbelievable”  experience  dealing  with  the 
Pennsylvania  legislature  and  lobbyists  for  local  ex¬ 
change  carriers.  It  ultimately  resulted  in  passage  of 
legislation  permitting  Philadelphia  to  move  forward 
with  the  creation  of  wireless  mesh  hot  zones  but  re- 
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Dianah  Neff,  CIO  for  the  city  of  Philadelphia:  Tve  learned  that  you  don't  talk  to  a  mayor 
about  grid  computing.  You  talk  about  how  this  technology  is  going  to  reduce  costs."  A.  WJm. 
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CITYWIDE  HOT  ZONES 


New  technology  uses  street  lamps  to  build 
a  mesh  of  Wi-Fi  hot  zones: 
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Out  of  the  Engine  Room 

One  leading-edge  technology  being  deployed  in 
U.S.  cities  is  known  as  municipal  wireless  mesh 
hot  zones.  Based  on  the  concept  of  Wi-Fi  hot  zones, 
they  cover  broader  areas  than  the  Wi-Fi  hot  spots  in 
shopping  malls  and  airports. 

Some  cities  are  building  these  hot  zones  for  public 
safety  needs.  Others  have  gone  further  and  are  offering 
fast  wireless  connections  to  homeowners  and  business¬ 
es  to  replace  cable  modem  and  DSL  services  sold  by  the 
private  sector. 

Tropos  Networks  Inc.  in  Sunnyvale,  Calif.,  has  sold  its 
Wi-Fi  mesh  routers  to  125  cities,  according  to  CEO  Ron 
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Sege.  The  devices  are  deployed  from  city  street  lamps  in 
a  mesh  design  of  about  10  routers  per  square  mile,  giving 
IMbit/sec.  connectivity  using  the  802.11  specification, 
he  says.  “It’s  quite  a  phenomenon,  and  the  demand  is 
increasing  rapidly,”  Sege  says,  noting  that  Dallas  and 
Philadelphia  have  deployed  some  of  the  routers,  and  oth¬ 
er  large  cities,  including  Boston,  Houston  and  New  York, 
are  in  the  early  stages  of  considering  the  technology. 

In  some  cases,  Wi-Fi  hot  zones  can  generate  revenue 
for  cities,  putting  CIOs  and  their  IT  shops  in  the  unusual 
role  of  profit  center  rather  than  cost  center.  “CIOs  are  ex¬ 
cited  to  be  doing  something  so  visible  in  the  community,” 
Sege  says.  “They  are  out  of  the  engine  room  and  into  the 
wheel  house.” 

-  Matt  Hamblen 


striding  other  jurisdictions  in  the  state  from  doing 
so.  “We  won  the  battle  but  lost  the  war,”  she  recalls. 

Neff  had  been  the  top  IT  professional  at  four  other 
cities,  but  last  year’s  battle  taught  her  how  to  work 
with  a  much  more  diverse  group  of  stakeholders  than 
she  ever  had  before,  including  state  legislators,  private- 
sector  lobbyists  and  citizens  groups  of  all  flavors.  “It 
has  really  broadened  my  scope  of  influence,”  she  says. 

The  past  year  has  taught  Neff  that  city  CIOs  more 
than  ever  need  good  people  skills  and  especially  the 
ability  to  advocate  for  technology  for  a  broad  audi¬ 


ence  unversed  in  IT.  “I’ve  learned  that  you  don’t  talk 
to  a  mayor  about  grid  computing,”  she  says.  “You  talk 
about  how  this  technology  is  going  to  reduce  costs.” 

Other  city  IT  leaders  agree  that  their  roles  are 
more  vital  —  and  more  demanding  —  than  ever.  Bill 
Marion,  information  systems  director  for  Milpitas, 
Calif.,  says  his  job  has  become  more  complex  as  the 
IT  department  has  gotten  more  involved  with  gener¬ 
al  operations  and  city  planning.  For  example,  IT  is 
helping  urban  planning  groups  decide  where  con¬ 
duits  for  data  cables  will  be  run. 


“There  was  a  time  we  were  known  as  data  process¬ 
ing  in  the  basement  —  a  part  of  the  finance  depart¬ 
ment,”  Marion  says.  “Now  we’re  a  separate  depart¬ 
ment  that’s  interfacing  with  the  public.” 

Milpitas  has  deployed  mesh  Wi-Fi  for  public- 
safety  officials,  and  the  technology  will  be  evaluated 
for  use  by  citizens.  Meanwhile,  he’s  deploying  anoth¬ 
er  innovative  technology  to  transform  IT’s  image  as 
a  cost  center:  Milpitas  has  provided  a  homegrown 
geographic  information  system  to  government  enti¬ 
ties  outside  of  Milpitas  for  a  fee. 

Like  many  municipal  CIOs,  Brian  Anderson  of  the 
city  of  Dallas  is  simultaneously  concerned  with  inno¬ 
vation  and  cost-cutting.  While  Dallas  is  considering 
wireless  mesh  networks  for  public  safety  and  public 
works,  Anderson  is  also  looking  into  cost  savings  from 
Web  services  and  reductions  in  desktop  operations.  “I 
am  the  point  man  for  so  many  things,”  he  says. 

Anderson  agrees  that  political  know-how  is  a  must 
for  today’s  city  CIOs,  but  he  stresses  that,  like  their 
corporate  counterparts,  they  need  to  understand 
their  businesses.  “We  really  need  to  understand  the 
city’s  problems,”  he  says.  For  example,  if  wireless 
broadband  is  offered  to  citizens,  a  city  CIO  needs  to 
evaluate  what  city  services  will  evolve  from  it  and 
what  fees  or  revenues  might  result,  Anderson  says. 

HOT  JOB 

Kohn  says  he  sees  a  trend  toward  greater  interest  in 
city  CIO  jobs,  which  have  appeared  on  his  “hot  jobs” 
list  for  the  First  time  in  a  decade.  “Because  of  increas¬ 
ing  [technology]  demands  on  municipalities,  this 
CIO  job  cannot  be  ignored,”  Kohn  says.  “The  city 
CIO  holds  the  key  to  security  and  services.” 

Big  cities  are  “very  competitive  with  each  other” 
for  IT  talent,  he  adds.  “The  city  CIO  really  is  a  hot 
job  now  and  will  be  for  the  rest  of  the  decade.” 

Although  new  technologies  and  the  challenges 
they  present  may  make  such  jobs  more  exciting,  the 
salaries  are  still  substantially  below  those  of  CIOs  in 
the  private  sector,  Kohn  says.  But  he  adds  that  mu¬ 
nicipal  CIOs  aren’t  in  it  for  the  money.  “City  CIOs  all 
believe  in  supporting  the  government’s  overriding 
mission  of  serving  the  citizenry,  and  they  all  also  like 
challenges,”  Kohn  says. 

Marion  agrees,  and  he  notes  that  cities  tend  to  offer 
more-secure  retirement  benefits  than  the  private  sec¬ 
tor,  somewhat  compensating  for  the  smaller  paycheck. 

But  the  main  reward  is  seeing  new  technology  work 
for  the  public  good.  “We  all  get  excited  when  we  see  the 
wireless  working  on  the  fire  trucks,”  he  says.  ©  52513 


AS?  Pi! 


The  political  fallout  from  the  im¬ 
plementation  of  wireless  broad¬ 
band  by  dozens  of  city  govern¬ 
ments  nationwide  has  grown  dramatically  in  recent  months. 

Philadelphia  CIO  Dianah  Neff  ran  into  forceful  lobbying  by 
service  providers  in  the  Pennsylvania  statehouse  last  November. 
And  in  early  February,  a  Washington-based  research  group 
backed  by  telecommunications  providers  launched  a  media  as¬ 
sault  on  wireless  broadband  plans.  The  New  Millennium  Re¬ 
search  Council  (NMRC)  condemns  the  use  of  public  funds  for 
wireless  broadband  access  to  homes  and  businesses. 

Saying  there  are  “grave  flaws"  in  the  wireless  rollouts  and  tri¬ 
als  now  under  way  in  more  than  125  cities,  the  NMRC  alleges 
that  “municipal  Wi-Fi  networks  present  a  number  of  serious 


problems  that  are  being  overlooked  as  cities  rush  into  committing 
millions  in  taxpayer  dollars  to  pay  for  network  development  and 
expansion."  The  rollouts  will  have  “a  detrimental  effect  on  city 
budgets  and  on  competitions  in  the  telecommunications  indus¬ 
try,"  the  NMRC  says. 

Critics  of  the  report  claim  that  it’s  biased  toward  the  telecom¬ 
munications  industry.  NMRC  is  funded  by  Issue  Dynamics  Inc.,  a 
well-known  Washington-based  lobbying  firm  for  U.S.  telecom¬ 
munications  companies,  including  those  that  fought  metropoli¬ 
tan  wireless  efforts  in  the  Pennsylvania  legislature. 

NMRC  denies  any  bias  in  its  report,  which  was  written  by  U.S. 
Internet  Industry  Association  President  David  McClure  and 
Heartland  Institute  Senior  Fellow  Steven  Titch,  among  others. 

( Computerworld's  Robert  L.  Mitchell  is  among  those  who  believe 


that  it’s  a  bad  idea  for  cities  to  get  into  the  business  of  providing 
wireless  broadband  access;  see  QuickLink  52647.) 

On  another  front  in  the  Wi-Fi  wars,  Strategy  Analytics  Inc.,  a 
research  and  consulting  firm  in  Newton,  Mass.,  released  a  study 
that  tallies  the  financial  impact  of  all  free  Wi-Fi  hot  spots  and 
zones  -  from  those  in  Starbucks  coffee  houses  to  municipal 
wireless  projects  -  on  traditional  cellular  providers  such 
as  Verizon  Wireless  and  Singular  Wireless  LLC. 

It  reports  that  free  Wi-Fi,  as  well  as  aggressive  pricing  of  Wi¬ 
Fi  capabilities  from  other  traditional  service  providers,  will  place 
as  much  as  $12  billion  of  the  projected  profits  of  U.S.  wireless 
operators  at  risk  through  2008.  That  will  happen  as  U.S.  opera¬ 
tors  invest  $100  billion  in  advanced  wireless  networks. 

-Matt  Hamblen 
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JUST  BECAUSE  THE  SYSTEM  IS  DOWN 
DOESN’T  MEAN  THE  PEOPLE  USING  IT  SHOULD  BE. 

•  'T . ;  v  rmgrti  &\  '^§SsWSKSag 

Constant,  uninterrupted  access  to  critical  data,  systems  and  people.  Even  when  something  goes  wrong.  That’s  Information  Availability.  And  one  of  the 
best  ways  to  virtually  guarantee  Information  Availability  is  by  running  your  production  systems  out  of  our  facilities.  You  manage  your  applications  and 
data  while  SunGard  Availability  Services  helps  to  ensure  that  the  infrastructure  and  technical  support  you  need  is  always  on.  SunGard  can  offer  a  secure 
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and  scalable  environment  at  a  lower  operational  cost  for  production.  Plus  we  have  over  60  state-of-the-art  hardened  facilities  with  network, 
power  and  equipment  redundancies  that  are  unparalleled.  For  a  free  copy  of  the  IDC  White 
Paper:  “Ensuring  Information  Availability”  visitwww.availability.sungard.com/idcwp 


Availability  Services 


Connected. 
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The  Business 

Case  for  Linux 

As  open-source  goes  mainstream,  Linux 
needs  to  clear  the  same  hurdles  as  other 
operating  systems.  BY  CAROL  SUWA 


WHEN  CENDANT  Corp.’s 

Travel  Distribution  Services 
(TDS)  division  considered 
shifting  its  airline-fare  sys¬ 
tem  to  Linux  on  Intel-based 
servers,  the  IT  department 
couldn’t  simply  flip  the  switch.  The 
system  handles  700  transactions  per 
second  in  the  course  of  processing  mil¬ 
lions  of  fares  from  more  than  500  air¬ 
lines  around  the  world.  So  the  IT  team 
set  aside  a  few  months  to  do  a  careful 
analysis  of  the  business  case. 

Now  that  Linux  is  more  commonly 
viewed  as  a  mainstream  option  for 
mission-critical  functions,  IT  man¬ 
agers  are  increasingly  evaluating  the 
open-source  operating  system  with  the 
same  due  diligence  with  which  they 
compare  commercial  offerings,  accord¬ 
ing  to  industry  analysts. 

“It’s  not  a  science  project  anymore,” 
says  Julie  Giera,  an  analyst  at  Forrester 
Research  Inc.  “At  this  point,  Linux 
shouldn’t  be  different  than  any  other 
commercial  software  package  you  buy. 
The  rules  should  be  the  same.  The 
level  of  scrutiny  should  be  the  same, 
and  the  process  for  approval  should 
be  the  same.” 

A  key  first  step  is  establishing  the  cri¬ 
teria  by  which  Linux  will  be  judged.  En¬ 
terprise  Linux  use  has  concentrated  on 
the  server,  and  decisions  are  generally 
made  in  concert  with  moves  to  cheaper 
hardware.  So  the  business  case  is  usual¬ 
ly  built  for  the  hardware  and  the  soft¬ 
ware  operating  system  at  the  same  time. 

Two  years  ago,  Chicago  Mercantile 
Exchange  Inc.  (CME)  was  paying 
$20,000  to  $40,000  for  each  of  its  Sun 
Microsystems  Inc.  servers  running  So¬ 
laris,  according  to  Joe  Panfil,  the  com¬ 
pany’s  director  of  enterprise  technol¬ 
ogy.  When  the  CME  needed  to  add  ca¬ 
pacity,  the  IT  team  was  anxious  to  see 
if  it  could  reduce  the  server  costs. 


Linux  servers  were  priced  at  about 
$3,000  apiece,  and  a  Red  Hat  Inc.  sup¬ 
port  subscription  tacked  on  another 
$400  per  box,  Panfil  says.  Even  though 
the  operating  system  can  be  down¬ 
loaded  for  free,  serious  users  typically 
don’t  want  to  risk  running  Linux  with¬ 
out  a  support  contract,  especially  if 
they’re  running  mission-critical  appli¬ 
cations  on  it. 

But  cost  wasn’t  the  sole  metric  in  the 
business  case,  particularly  after  Sun 
began  to  drop  its  server  prices.  The 
CME  had  to  be  sure  that  its  critical 
third-party  software  products  —  Tibco 
Software  Inc.’s  middleware,  BEA  Sys¬ 
tems  Inc.’s  WebLogic  application 
server  and  Oracle  databases  —  were 
certified  to  run  on  Linux,  Panfil  says. 

Transaction  speed  was  another  key 
driver.  The  CME  makes  money  based 
on  the  number  of  trades  it  can  process, 
so  every  millisecond  it  shaves  off  the 
round-trip  trading  time  counts. 

But  none  of  that  would  matter  if  the 
system  didn’t  run  reliably  on  Linux.  In¬ 
ternally  developed  electronic  trading, 
clearing  and  regulatory  applications 
needed  to  be  ported  to  Linux,  and  de¬ 
velopers  needed  training  to  write  code 
optimized  for  Linux. 

Proving  the  Case 

Once  the  metrics  are  established,  it’s 
time  to  test.  For  Orbitz  Inc.,  that  meant 
bringing  together  four  members  of  its 
software  team  and  four  members  of  its 
hardware  engineering  team  when  the 
leases  for  the  Sun  servers  that  ran  its 
BEA  application  servers  were  due  to 
expire  in  the  summer  of  2002. 

On  paper,  Linux  made  sense  for  Orb¬ 
itz.  The  Chicago-based  online  travel 
service  had  the  skills,  infrastructure 
and  tools  to  work  with  the  open- 
source  operating  system,  since  the 
low-fare  search  engine  it  licensed  from 


ITA  Software  Inc.  already  ran  on  Red 
Hat’s  Linux  distribution. 

But  Orbitz  still  needed  to  make 
sure  its  WebLogic  application  servers 
would  perform  as  well  on  Linux  on 
Intel-based  hardware  as  they  had  on 
Sun  Solaris  servers,  taking  into  ac¬ 
count  new  functionality  the  travel 
company  was  planning  for  its  site. 

So  the  Orbitz  IT  team  consulted  with 
the  finance  and  product  marketing  de¬ 
partments  to  find  out  which  new  fea¬ 
tures  they  wanted  and  how  much  addi¬ 
tional  traffic  they  expected.  Orbitz 
architects  estimated  what  it  would  take 
to  deliver  the  new  features,  and  then 
systems  engineers  determined  the  hard¬ 
ware  capacity  that  would  be  needed. 

Orbitz  did  a  CPU-for-CPU  compari¬ 
son  of  Intel  Corp.  processors  running 
Linux  against  Sun  Sparc  processors 
running  Solaris  and  found  that  the  Intel 
CPUs  performed  twice  as  well,  accord¬ 
ing  to  chief  Internet  architect  Leon 
Chism.  Orbitz  then  calculated  the  in¬ 
cremental  cost  of  purchasing  new 
servers  from  Sun  and  compared  that 
with  the  amount  it  would  spend  if  it 
adopted  the  open-source  model  and 
used  greater  numbers  of  smaller  com¬ 
modity  servers.  It  also  factored  in  the 
additional  overhead  required  to  man¬ 
age  the  Linux  servers.  “We  did  that 
business  case”  over  three  months,  says 
Pete  Stoneberg,  director  of  systems  en¬ 
gineering,  “and  it  clearly  came  out  in 
the  open-source  Linux  camp.” 

Cendant  TDS  built  a  lab  to  test 
3-GHz  Intel  chips  on  eight-way  IBM 
servers  against  the  900-MHz  Sparc 
chips  it  had  been  using  on  24-way  Sun 
boxes.  The  goal  was  to  see  if  its  360 
Degrees  Fares  application  could  scale 
out  through  smaller,  redundant  Linux 
servers  and  reliably  process  an  equiva¬ 
lent  number  of  transactions  in  the 
same  amount  of  time  as  the  larger, 
more  expensive  Unix  hardware. 


“For  our  company,  stability  is  impor¬ 
tant.  We  believed  we  could  get  high 
levels  of  stability  through  a  highly  re¬ 
dundant  system  built  on  lots  of  low- 
cost,  high-performing  Intel  boxes,” 
says  Robert  Wiseman,  chief  technol¬ 
ogy  officer  at  Cendant  TDS.  “It  turned 
out,  for  this  application,  we  could  run 
at  least  as  many  transactions  through 
the  Intel  boxes  as  the  Unix  boxes.” 

Final  Tweaks 

That  wasn’t  the  end  of  it.  The  team  ran 
the  application  for  30  days  and  found 
Unix  more  forgiving  of  problems  such 
as  memory  leaks.  Developers  spent 
about  three  months  tweaking  the  ap¬ 
plication  code  to  deal  with  the  slight 
operating  system  differences  between 
Unix  and  Linux.  “But  at  the  end  of  the 
day,”  Wiseman  says,  “the  redundant  ar¬ 
chitecture  we  created  with  the  Lintel 
environment  gave  us  better  stability.” 

The  next  step  was  determining  the 
number  of  boxes  needed,  based  on  the 
number  of  transactions  the  hardware  is 
capable  of  handling,  and  determining 
the  headroom  Cendant  TDS  wanted 
above  the  peak  load.  The  numbers  told 
the  story. 

“The  cost  of  building  out  our  plat¬ 
form  on  Lintel  versus  continuing  to 
build  on  Unix  was  90%  less  expen¬ 
sive,”  says  Wiseman.  “It  was  dramatic.” 

The  business  case  for  Linux  also 
won  the  day  at  the  CME,  saving  the  ex¬ 
change  an  estimated  $2.8  million  last 
year.  “We  had  a  lot  of  preplanning  and 
thought  in  front  of  the  move,”  Panfil 
says.  “Where  we’ve  needed  faster 
servers  and  cost  reductions,  we’ve  im¬ 
plemented  it,  and  we’re  happy.” 

But  the  evaluation  is  ongoing.  “We’re 
always  going  to  be  looking  at  new 
technologies,”  he  says.  “If  Solaris  10 
proves  to  be  just  as  fast  as  Linux  and 
more  reliable,  well  implement  it  on 
commodity  servers.”  O  52516 


COSTS 


■  License  fees 

■  Maintenance  (updates 
and  new  releases) 

■  Support 

■  Training  (for  developers 
and  administrators) 

■  Planning 

■  Management 

■  IT  overhead 

■  Security 

■  Migration  and  integration 

■  Hardware/maintenance 


«■  Architectural  efficiency 
(modular  building  blocks) 

■  Business  flexibility  (no  wait¬ 
ing  on  vendor  schedules) 

■  Vendor  leverage  (improved 
negotiation  position) 
i  Higher  quality 
i  Fast  problem-solving 
(visibility  into  source  code) 
i  Improved  IT  skills  (through 
interaction  with  open- 
source  community) 
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SOURCE:  FORRESTER  RESEARCH  INC.,  CAMBRIDGE,  MASS. 


■  Lack  of  support 

■  Missing  features 

■  Lack  of  operational  man¬ 
agement  (outside  of  Linux, 
monitoring  and  control 
tools  are  rare) 

■  Unpredictable  release 
timetables 

■  Security 

■  Intellectual  property 
liabilities 
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Middleware  is  Everywhere 


Can  you  see  it? 
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IBM  EXPRESS  MIDDLEWARE™  IS  SOFTWARE 

Software  like  WebSphere®  Express  that’s  designed 
to  help  mid-sized  businesses  connect  their  processes 
to  meet  business  goals.  On  demand.  Designed  to  work 
with  the  IT  systems  you  have.  Designed  to  be  installed 
quickly  and  easily,  with  prices  starting  at  $600!  Ask  your 
Business  Partner  about  it  -  or  you  might  miss  the  boat. 


1.  Crates  of  patio  furniture  scanned. 

2.  Quantities  verified  on  secure  database. 

3.  Timetables  confirmed  online. 

4.  Inventory  added  to  order  automatically. 
5. 1,200  plastic  chairs  en  route  to  Key  West 
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DEMAND  EXPRESS  PORTFOLIO 

BUILT  FOR  MID-SIZED  BUSINESS. 


IBM  Express  Middleware 


•tfolio  are  registered  trademarks  or  trademarks  ot  International  Business  Machines 


including  software  maintenance  and  technical  support.  Check  with  your  local  IBM 
ill  rights  reserved.  ’  '  .  i  t  \ 
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Peris 

Shifting  regulatory  terrain  raises 
new  obstacles  for  project  man¬ 
agers.  BY  STACY  COLLETT 


T  JET  BLUE  AIRWAYS  CORP., 
Vice  President  of  IT  Todd 
Thompson  mapped  out  an 
aggressive  IT  schedule  for 
a  new  payroll  system  and 
a  slew  of  other  projects 
to  be  completed  by  the  end  of  2005. 
But  the  company’s  controller  had 
different  ideas. 

“You  can’t  go  live  in  the  fourth 
quarter,”  she  announced.  The  reason: 
The  Sarbanes-Oxley  Act  calls  for  the 
toughest  oversight  yet  of  companies’ 
financial  reporting  practices.  As  a  re¬ 
sult,  auditors  now  look  at  any  new  fi¬ 
nancial  systems  deployed  in  the  fourth 
quarter  of  the  year  as  red  flags. 

Just  when  veteran  project  managers 
thought  they  had  navigated  the  tough¬ 
est  project  pitfalls,  the  terrain  has 
shifted.  Regulations  introduced  over 


As  young  business  managers  get  bet¬ 
ter  versed  in  technology,  IT  project 
managers  are  finding  that  a  little 
knowledge  can  be  a  dangerous  thing. 

Business  managers  sometimes 
think  they  understand  all  the  IT  issues 
and  don't  invite  input  from  IT  staff, 
says  Virginia  Robbins,  CIO  at  Chela 
Financial  Resources.  “We’ve  seen 
more  team  meetings  [to  launch  new 
projects]  where  the  technology 
[group]  is  not  present,”  says  Robbins. 

But  when  these  young  guns  miscal¬ 
culate,  budgets  can  skyrocket.  On  one 
such  project,  IT  folks  finally  came  in  a 


the  past  few  years  are  wreaking  havoc 
with  otherwise  solid  project  plans. 
These  changes  can  blow  up  project 
deadlines  and  budgets,  drain  staff  and 
force  project  managers  into  the  role  of 
privacy  police.  Here  are  some  of  the 
obstacles  in  the  new  project  landscape. 

FOURTH-QUARTER  TRAPS.  The 

reporting  requirements  brought  on 
by  Sarbanes-Oxley  have  controllers 
putting  the  brakes  on  financial  IT  proj¬ 
ects  in  the  fourth  quarter,  says  Holly 
Nelson,  controller  at  Jet  Blue. 

In  the  real  world,  most  projects  are 
completed  in  the  fourth  quarter,  says 
Catherine  Tomczyk,  a  project  manager 
at  First  Data  Government  Solutions 
Inc.  in  Greenwood  Village,  Colo.  But  in 
the  financial  realm,  big  expenses  near 
year’s  end  can  give  auditors  the  im- 


third  of  the  way  through,  Robbins  says. 
When  they  checked  on  the  technical 
requirements,  “the  cost-benefit  analysis 
changed  by  five  times,”  she  says. 

Realizing  she  needed  a  player  in  the 
game,  Robbins  chose  an  IT  manager 
and  reinvented  his  role  as  a  “business 
owner  of  IT.”  He  now  represents  IT 
business  interests  at  every  new  project 
meeting.  "He’s  at  the  same  level  as 
these  other  managers,”  she  says.  “He 
is  their  peer.” 

He’s  also  the  IT  group’s  early- 
warning  device,  Robbins  says. 

-Stacy  Collett 


pression  that  someone  is  using  up 
funds  so  they  don’t  lose  them. 

Fourth-quarter  projects  may  also 
raise  auditors’  suspicions  that  upgrades 
or  new  software  may  have  been  added 
without  the  proper  controls  in  place. 

Financial  projects  not  scheduled 
with  this  in  mind  could  be  delayed 
until  the  first  of  the  year  and  perhaps 
even  lose  funding,  or  IT  could  be  pres¬ 
sured  to  bring  projects  live  too  soon. 

AUDIT  OVERKILL.  Project  managers 
at  financial  services  firms  also  face 
other  regulatory  fallout,  such  as  con¬ 
cerns  raised  by  the  Fair  and  Accurate 
Credit  Transactions  Act  and  the  Fair 
Credit  Reporting  Act,  which  govern 
the  storage  and  protection  of  con¬ 
sumer  credit  information. 

At  nonprofit  student-loan  provider 
Chela  Financial  Resources  Inc.  in  San 
Francisco,  students’  credit  scores  are 
required  to  process  applications,  but 
the  need  to  protect  that  information 
can  lead  to  audit  overkill.  “We’re  work¬ 
ing  on  one  project  now  where  we  have 
three  lawyers  involved  in  the  early  re¬ 
quirements  phase”  because  the  regula¬ 
tions  regarding  how  the  data  can  be 
stored  and  protected  are  so  specific, 
says  Virginia  Robbins,  CIO  and  a  Com- 
puterworld  columnist.  “Historically,  we 
would  only  have  one.” 

The  bottom  line:  “More  opinions 
mean  more  time,  more  money,  and  the 
cost  of  the  project  goes  up,”  she  says. 

TALENT  DRAIN.  The  USA  Patriot  Act 
is  hampering  the  use  of  foreign  nation¬ 
als  in  U.S.  projects.  The  act  includes 
tight  guidelines  on  the  use  of  foreign 
workers  on  federal  government  proj¬ 
ects,  and  it  restricts  their  access  to 
company  information  and  facilities. 

The  effect  on  projects  can  range  from  a 
nuisance  to  a  serious  blow. 

At  First  Data,  many  members  of 
Tomczyk’s  team  are  foreign  nationals. 
“The  day  [the  Patriot  Act]  went  into 
effect,  everything  came  to  a  crashing 
halt,”  she  recalls.  “My  lead  architect, 
two  top  developers  and  my  whole 
mainframe  group  —  close  to  15  people 
—  had  to  move  to  another  wing  of  the 
building.  We  had  to  find  space  that 
wasn’t  in  a  secure  area.  We  had  to 
change  IDs  and  passwords.  They 
couldn’t  come  in  after  hours.  They 
had  to  be  escorted  everywhere.” 

The  result:  lost  time,  increased  ex¬ 
pense  and  lower  morale. 

INTELLECTUAL  PROPERTY 
PROBLEMS.  In  the  Internet  Age,  in¬ 
tellectual  property  is  on  everyone’s 
mind.  Too  often,  protecting  it  becomes 
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SUCCESS  FACTORS 

In  November,  The  Standish  Group  Interna¬ 
tional  Inc.,  whose  Project  Chaos  has  been 
following  project  management  successes 
and  failures  for  more  than  a  decade,  listed 
its  latest  findings  on  what  makes  projects 
succeed.  Here  are  Standish’s  success  fac¬ 
tors  (in  bold),  with  some  additional  obser¬ 
vations  about  how  the  difficult  new  IT  land¬ 
scape  makes  success  even  more  elusive: 

■  User  involvement.  But  lately,  some 
users  have  not  only  taken  the  lead,  they’ve 
also  excluded  IT  from  project  planning. 

•  Executive  management  support. 

*  Clear  business  objectives. 

■  Experienced  project  manager. 

•  Minimal  scope  and  requirements. 

Avoiding  scope  and  requirement  creep 
has  always  been  a  challenge,  but  now 
regulatory  requirements  are  adding  cost 
and  complexity  to  projects  everywhere. 

■  Iterative  and  agile  process.  Layers 
of  regulatory  red  tape  are  further  slowing 
project  teams’  response  times. 

■  Skilled  personnel.  The  USA  Patriot 
Act  virtually  cages  foreign  talent. 

■  Formal  methodology. 

■  Financial  management.  Lately, 
some  financial  officers  are  letting  audit 
red  flags  dictate  project  calendars. 

*  Standard  tools  and  infrastructure. 

the  project  manager’s  responsibility. 
“Every  time  you  change  the  look  and 
feel  of  a  Web  site,  you  have  to  copy¬ 
right  it,”  says  Tomczyk.  “Sometimes 
you’re  turning  it  out  so  fast,  it  becomes 
[the  project  manager’s]  responsibility 
to  change  copyright  data.” 

Protecting  intellectual  property  is 
even  more  challenging  when  part  of  a 
project  is  outsourced.  In  India  and 
much  of  Asia,  contractual  agreements 
about  copyright  protection  can  be  vir¬ 
tually  useless,  says  Gopal  Kapur,  presi¬ 
dent  of  the  Center  for  Project  Manage¬ 
ment  in  San  Ramon,  Calif.  “Contracts 
don’t  do  anything  [in  India]  unless  em¬ 
ployees  have  been  trained”  on  copy¬ 
right  protection,  he  says. 

Protecting  sensitive  company  or 
consumer  information  is  another  chal¬ 
lenge.  Kapur  recently  visited  a  medical 
transcription  outsourcing  firm  in  India 
and  learned  that  medical  information 
from  U.S.  patients  was  openly  available 
on  its  databases. 

When  part  or  all  of  a  project  is  out¬ 
sourced,  building  in  real  protections 
against  copyright  and  intellectual 
property  abuses  can  eat  up  time  and 
resources.  O  52510 


Collett  is  a  Computerworld  contributing 
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TITLE:  Senior 
vice  president 


COMPANY: 

American 
Modern  Insur¬ 
ance  Group  Inc.,  Amelia,  Ohio 

Campbell  is  this  month’s 
guest  Premier  100  IT  Leader, 
answering  a  reader’s  ques¬ 
tion  about  project  manage¬ 
ment  skills.  If  you  have  a 
question  you’d  like  to  pose 
to  one  of  our  Premier  100 
IT  Leaders,  send  it  to 
askal  ader@computerworld. 
com  and  watch  for  this 
column  each  month. 


I  have  been  in  the  IT  field  since 
1978  as  a  junior  programmer  and 
am  working  my  way  up  to  a  sys¬ 
tem  analyst.  Presently,  I  am  en¬ 
rolled  in  a  study  program  to 
achieve  a  certificate  in  IT  project 
management  and  a  secondary  cer¬ 
tificate  in  business  analysis.  What 
are  the  job  prospects  for  this  com¬ 
bination?  It’s  very  encouraging  to  see 
that  you  are  furthering  your  education. 
Continued  learning  and  skill  develop¬ 
ment  are  critical,  given  the  pace  of 
technology  change  and  the  highly 
competitive  business  environment. 

Project  management  skills  have 


been  in  high  demand  over  the  past 
several  years,  and  the  demand  seems 
to  be  increasing.  Companies  now  real¬ 
ize  the  importance  project  manage¬ 
ment  plays  in  successfully  deploying 
technology  solutions. 

IT  has  been  criticized  for  not  deliv¬ 
ering  an  acceptable  return  on  invest¬ 
ment.  An  organization  that  values  and 
embraces  a  strong  project  manage¬ 
ment  culture  is  more  likely  to  generate 
a  higher  documented  ROI  on  technol¬ 
ogy  initiatives.  Training  in  project  man¬ 
agement  should  entail  more  than  just 
how  to  plan,  organize,  staff  and  man¬ 
age  a  series  of  technical  tasks.  It's  im¬ 
portant  to  address  the  business  as¬ 
pects,  such  as  business  process 
flows,  requirements  gathering,  user- 
acceptance  testing  and,  most  impor¬ 
tant,  business  change  management. 

Business  analysts  are  often  called 
upon  to  assist  with  the  extraction,  in¬ 
terpretation,  development  and  docu¬ 
mentation  of  business  rules,  require¬ 
ments  and  test  plans.  Business  ana¬ 
lysts  might  reside  in  IT  or  in  a  business 
unit.  In  either  case,  they  need  to  have 
a  thorough  understanding  of  the  busi¬ 
ness  function  they  are  supporting. 

The  job  prospects  for  someone  with 
training  and  experience  in  project 
management  and  business  analyst 
techniques  are  extremely  good.  I  would 
encourage  you  to  complete  the  PMP 
certification  awarded  by  the  Project 
Management  Institute.  Look  for  com¬ 
panies  that  have  a  formal  project  man¬ 
agement  office.  You  may  be  hired  as  a 
business  analyst,  project  coordinator 
or  junior  project  manager.  From  there, 
you  can  learn  the  business  and  will 
have  opportunities  in  project  manage¬ 
ment  for  the  industry  you  have  chosen. 


MORE  BAD  NEWS  ON  IT  SALARIES 


LAST  YEAR,  overall  salaries  for  IT  pro¬ 
fessionals  dropped  to  levels  not  seen 
since  2001,  according  to  a  survey  Dice 
Inc.  released  this  month. 

But  professionals  in  de¬ 
fense  and  government-re¬ 
lated  industries  were  im¬ 
mune  to  the  trend,  proba¬ 
bly  helped  by  greater 
spending  since  Sept.  11, 

2001,  the  company  said. 

The  average  salary  for 
IT  workers  decreased 
2.6%,  from  $69,900  in 
2003  to  $67,800  last 
year,  according  to  Dice, 
which  surveyed  23,000 
technology  professionals. 

One  significant  trend  is  that  profes¬ 
sionals  in  the  government  and  defense 
sectors,  as  well  as  affiliated  industries, 
saw  their  average  salary  rise  from 
$64,600  to  $66,500,  passing  their 
colleagues  in  both  the  manufacturing 


and  Internet  services  sectors. 

“The  spending  for  homeland  security 
and  defense  is  the  main  factor,”  said 
Scot  Melland,  CEO  and 
president  of  Dice,  which 
runs  Dice.com,  home  of 
one  of  the  largest  online 
technology-focused  job 
boards  in  the  U.S. 

The  growth  in  the  de¬ 
fense  technology  market 
was  also  mirrored  by 
changes  in  geographical 
statistics.  Survey  respon¬ 
dents  in  San  Diego  and 
Los  Angeles  reported  a 
higher  increase  in  their  av¬ 
erage  salaries  than  did 
their  colleagues  in  Silicon  Valley.  Several 
defense-related  companies  are  located 
in  Southern  California.  And  Melland  said 
defense  spending  is  probably  the  reason 
behind  job  growth  in  Washington. 

■  JOHAN  BOSTROM,  IDG  NEWS  SERVICE 


The  gender  gap  in  IT 
salaries.  But  for  all 
U.S  industries  com¬ 
bined,  the  differential 
that  men  enjoy  over 
female  employees  is 
nearly  double  that. 

SOURCE:  DICE  INC. 


OFFSHORE  FOCUS 


WHAT  COUNTRY  is  gaining  the  most  on 
India  as  a  destination  for  offshore  IT  work? 
China  and  the  Philippines  might  spring  to 
mind,  but  they  have  nothing  on  Poland.  Of 
course,  Poland  can’t  compare  with  India 
for  the  sheer  number  of  IT  jobs  it  hosts.  But 
according  to  a  study  by  Frost  &  Sullivan 
Ltd.,  for  the  three  years  from  2002  through 
2004,  Poland  had  a  compound  annual 
growth  rate  (CAGR)  of  40.11%  for  out¬ 
sourced  IT  workers  in  captive  companies  - 
those  owned  by  the  outsourcing  clients  - 
and  58.72 %  for  outsourcing  service  pro¬ 


viders.  In  India,  the  CAGR  was  11.36%  for 
captives  and  12.32%  for  service  providers. 
Jarad  Carleton,  an  analyst  at  Frost  &  Sulli¬ 
van,  says  Poland’s  attractions  include  a 
highly  educated  workforce  and  financial 
grants  the  government  has  made  available 
to  all  industries,  including  IT. 

And  how  many  jobs  did  companies  in 
developed  countries  send  offshore?  During 
the  period  studied,  the  high-cost  nations 
analyzed  (see  chart)  increased  the  number 
of  IT  jobs  sent  overseas  by  826,540,  for  a 
total  of  7,599,540.  ©  52541 


2002 


JOB  EXPORT  TALLY,  2002-04 


COUNTRY 


2003  2004 

2,432,461  2,683,904 


2,310,018 


934,835 


Germany 


2,316,955 


300,459 


Hong  Kong 


BASE:  Data  collected  over  a  three-year  period  (2002-04)  through  600  questionnaires.  All  respondents  were  screened  to 
ensure  that  they  were  decision-makers  in  IT  matters.  Employers  covered  in  the  report  ranged  in  size  from  small  operations 
with  fewer  than  50  employees  to  global  companies  with  more  than  100,000  empioyees  working  in  several  countries.  Frost 
&  Sullivan  also  conducted  interviews  with  company  and  government  officials  in  14  countries. 

SOURCE:  Frost  &  Sullivan  Ltd. 
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Outsourcing 

■  April  4-6,  Los  Angeles 
Sponsor:  Gartner  Inc. 

The  Gartner  Outsourcing  Summit  in¬ 
cludes  tracks  on  fundamentals  of  suc¬ 
cessful  sourcing,  changes  and  choices 
in  the  outsourcing  marketplace,  busi¬ 
ness  process  outsourcing,  global 
sourcing  and  case  studies. 
www.gartner.com/us/itsourcing 


Business 

Intelligence 

■  April  12,  San  Jose 
Sponsor:  IDC 

Business  Intelligence  and  Business 
Process  Forum  topics  include  applying 
business  intelligence,  predicting  the 
business  impact  of  business  intelli¬ 
gence  projects,  overcoming  deficien¬ 
cies  in  return-on-investment  analyses, 
proven  approaches  to  engaging  across 
functional  areas,  and  combining 
emerging  technologies. 
www.idc.com/events/events 


Business  Process 
Management 

■  April  12-13,  Chicago 
Sponsor:  BrainStorm  Group  Inc. 

There  are  tracks  for  technology  and 
business  professionals.  Tech  topics  in¬ 
clude  the  business  value  of  processes 
and  standards,  leveraging  business 
rules,  service-oriented  architectures 
and  business  rules-engine  case  stud¬ 
ies,  and  best  practices.  Business  topics 
include  business/IT  alignment,  busi¬ 
ness  process  portfolio  management, 
enabling  process  innovation,  leverag¬ 
ing  process  modeling  and  case  stud¬ 
ies.  www.brainstorm-group.com 


information 

intelligence 

a  April  19-21,  Phoenix 
Sponsor:  Delphi  Group 

Topics  at  the  Next  Generation  Search, 
Content  and  Knowledge  Management 
Summit  include  increasing  customer 
service  quality  and  responsiveness, 
intelligent  customer  interactions,  text 
analytics,  data  mining,  implementing 
enterprise  search,  managing  meta¬ 
data,  and  risk  management  and  best 
practices,  www.deiphigroup.com 


GEORGE  TILLMANN 


Innovation 
Doesn’t  Rust 


VERYTHING  that  can  be  invented 
has  been  invented.” 

This  is  the  often-published  quote  at¬ 
tributed  to  Charles  H.  Duell,  U.S. 
Commissioner  of  Patents  in  1899,  sug¬ 
gesting  that  the  patent  office  be  permanently  closed, 


since  there  was  nothing  left 
to  invent.  This  statement,  it 
turns  out,  was  somewhat 
premature  and  overly  sim¬ 
plistic. 

Similarly,  there  has  been 
a  lot  of  discussion  recently 
about  the  predicted  end  of 
innovation  coming  out  of 
IT  and  of  IT  as  we  know  it. 

The  most  recent  and  most 
discussed  predictions 
come  from  Nicholas  G. 

Carr  in  his  book  Does  IT 
Matter?  (Harvard  Business 
School  Press,  2004).  Carr 
sees  historical  parallels  in 
the  introduction,  spread 
and  eventual  commoditization  of  all 
innovative  technology,  IT  included. 

He  argues  that  an  emerging  technol¬ 
ogy  can  provide  competitive  advan¬ 
tage  in  the  beginning,  but  that  advan¬ 
tage  quickly  fades  and  innovation 
dries  up  as  the  technology  becomes 
mature  and  ubiquitous.  At  that  point, 
Carr  says,  we  should  stop  assuming 
that  it  will  provide  future  competitive 
advantage  and  treat  it  as  a  utility, 
where  innovation  is  limited  to  control¬ 
ling  costs  and  managing  service  risk 
[QuickLinks  37990  and  46432]. 

Some  agree  that  the  days  of  IT- 
enabled  innovation  are  over.  Everyone 
has  computers,  everyone  has  net¬ 
works,  and  everyone  buys  packaged 
software  from  the  same  suppliers.  IT 
innovation  is  dead,  so  it’s  best  to  hun¬ 
ker  down  and  accept  IT  as  a  utility. 

But  are  these  observers  looking  at 
the  right  IT?  If  you  consider  IT  to  be 


hardware,  cables  and  sili¬ 
con,  then  Carr  and  the  oth¬ 
ers  are  probably  correct. 
The  advances  attributed  to 
IT  can’t  be  maintained  if 
everyone  has  what  every¬ 
one  else  has.  We  saw  this 
in  the  erosion  of  the  ad¬ 
vantages  early  computer 
adopters  experienced 
decades  ago. 

The  physical  properties 
of  the  silicon  and  copper 
of  computer  hardware 
limit  what  we  can  do  with 
them.  Even  Martha  Stewart 
doesn’t  have  an  infinite 
number  of  uses  for  pine 
cones  and  tofu.  At  some  point,  innova¬ 
tion  simply  becomes  exhausted. 

But  there’s  another  IT,  an  IT  of  ideas 
that  doesn’t  grow  old  or  become  mar¬ 
ginalized.  It’s  this  IT  that  created  the 
innovative  services  that  changed  how 
we  bank,  build  cars  and  communicate 
with  the  kids  at  summer  camp.  And  if 
Carr  is  wrong,  this  may  be  the  IT  that 
cures  disease,  supports  human  colonies 
on  Mars  and  maybe  even  makes  sense 
of  our  taxes. 

This  is  the  IT  of  software  —  an  IT 
quite  different  from  the  one  of  silicon 
and  copper,  because  software,  next  to 
poetry,  is  perhaps  the  most  conceptual 
of  human  creations.  Software  is  an  ex¬ 
tension  of  human  thought,  and  it  will 
never  be  built  out.  Good  innovators 
will  always  be  able  to  stay  ahead  of 
their  imitators. 

Innovative  companies  have  known 
about  the  two  ITs  for  years.  For  exam- 
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pie,  more  than  a  decade  ago,  compa¬ 
nies  in  the  securities  industry  were 
competing  to  build  the  automated  sys¬ 
tems  that  gave  us  the  hedging  and  ar¬ 
bitrage  program  trading  of  the  late 
1980s  and  early  1990s. 

If  you  had  visited  the  groups  that 
developed  these  tools,  you  would  have 
seen  that  they  weren’t  doing  the  data 
processing  that  produces  your  pay- 
check.  This  IT  was  a  separate  unit,  of¬ 
ten  at  a  separate  location,  staffed  by 
people  who  might  never  have  been  in 
the  main  data  center.  This  IT  was  fund¬ 
ed  to  create  the  systems  they  hoped 
would  provide  competitive  advantage. 

These  companies  knew  that  the  dif¬ 
ferentiator  between  a  utility  and  an 
innovative  development  organization 
wasn’t  the  CPU,  the  disk  drives  or 
the  networks;  it  was  the  minds  of  the 
individuals  who  created  the  software. 
Competitors,  all  using  the  same  silicon 
and  copper,  produced  results  that 
couldn’t  have  been  more  different. 

And  what  was  the  cause  of  that  differ¬ 
ence?  Pure  thought! 

Carr  is  partially  right:  Companies 
should  rein  in  the  costs  of  the  com¬ 
modity  IT  that  thrives  on  hardware 
and  fiber.  But  IT  for  competitive  ad¬ 
vantage  demands  a  separate  and  total¬ 
ly  different  treatment.  It’s  not  in  dan¬ 
ger  of  coming  to  an  end  or  running 
out  of  innovation.  This  technology 
will  continue  to  provide  competitive 
advantage  for  as  long  as  there  are  cre¬ 
ative  thoughts  and  a  willingness  to 
document  them  in  programs. 

Oh,  and  about  Patent  Commissioner 
Duell’s  comment  that  everything  that 
can  be  invented  has  been  invented:  He 
never  said  it.  Though  often  quoted  and 
referenced,  it  simply  isn’t  true.  Com¬ 
missioner  Duell  had  more  sense  than 
that.  ©  52446 
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IT  Careers:  Diversity  Role  Models  Respond  to  Challenge 


Over  the  past  decade  one  of  the  biggest  challenges  in 
attracting  under-represented  minorities  and  women  to 
technical  careers  has  been  the  lack  of  role  models  -  people 
who  have  gone  before  and  demonstrated  that  everyone 
has  the  opportunity  to  succeed.  While  the  statistics  relating 
to  percentage  of  African  Americans  or  Hispanics  or  women 
have  not  changed  significantly  over  the  past  five  years,  the 
reality  of  being  able  to  point  to  a  significant  leader  who 
"looks  like  me"  is  gaining  traction. 

Two  leaders  identified  as  role  models  say  there  are  two 
challenges  for  role  models:  demonstrating  that  role  models 
are  not  celebrity  entertainers  or  athletes  and  helping  others 
realize  the  need  for  several  role  models,  not  just  one. 

Thaddeus  Arroyo,  Cingular  Wireless'  first  and  only  CIO  for  a 
group  of  6,000  IT  professionals,  says  the  only  constant  role 
model  throughout  his  life  has  been  his  father,  who 
established  work  ethics  and  an  approach  for  creating  his 
own  success.  Arroyo  was  chosen  one  of  the  50  most 
influential  Hispanics  by  Hispanic  Engineering  and 
Information  Technology  magazine.  Arroyo  says  one  of  the 
most  common  things  he  discourages  is  for  an  employee  to 
look  at  a  specific  job  -  CIO  or  Director,  for  instance  -  and 
drive  to  gain  that  job.  "The  approach  I  have  always  taken 
is  not  to  look  five  layers  up  (the  career  ladder)  and  say 
that's  who  I  want  to  be.  Rather,  I  look  at  the  leaders  who 
are  close  to  me,  my  direct  managers  or  their  bosses.  This 
isn't  about  where  you  want  to  end  up  but  where  you  want 
to  go  next,  and  then  building  the  skills  and  experiences  to 


get  there.  Otherwise,  you're  thinking  so  far  ahead  that  you 
may  miss  out  on  building  a  skill  set." 

Arroyo  reiterates  the  need  for  multiple  role  models  because 
lessons  can  be  learned  from  every  person  and  situation.  He 
says  the  composite  of  leadership  and  technical  skills  that 
develops  over  a  career  generates  success.  He  pinpoints  that 
this  approach  allows  professionals  to  focus  on  achieving 
something  vs.  gaining  a  specific  title  or  job. 

Roy  Perry  echoes  Arroyo's  focus.  Perry,  who  is  corporate  vice 
president  of  global  supply  chain  management  for 
StorageTek,  is  recognized  this  month  as  a  Superhero  in  the 
"Engineering  the  Future”  exhibit  at  the  Chicago  Museum 
of  Science  and  Industry.  "It's  difficult  for  a  student  to  look 
at  an  engineer  and  say  that's  exciting  when  they 
have  rock  stars  and  athletes  that  they  see  and  hear 
every  day,"  Perry  points  out.  "We  need  to  show 
them  that  there  is  a  place  for  them  (in  information 
technology  and  engineering)  to  design  and  create, 
that  they  may  not  be  able  to  dunk  a  basketball  but 
they  can  have  a  passion  for  this." 

Perry  works  to  keep  that  passion,  which  he  kindled 
as  a  child  watching  John  Glenn  and  then  through  a 
series  of  teachers  (and  yes,  he  recalls  Ms.  Ward,  Mr. 

Easton  and  Mr.  Griffin  by  name).  He  believes  it  is  critical  to 
identify  evolving  leaders  and  then  assure  they  have 
challenging  assignments.  "Sometimes  I  have  to  create  that 
challenge,"  he  says.  "If  a  bright,  technical  person  is  idle,  he 
becomes  bored  and  you  lose  them."  Perry  adds  community 


responsibility  to  role  model  categories,  in  addition  to 
leadership  and  technical  role  models.  He  says  to  watch  role 
models  in  all  three  areas  to  learn  how  they  make  decisions, 
execute  and  carry  through.  "The  community  responsibility 
is  important  because  it  rounds  out  the  engineer  or  scientist, 
helps  them  to  understand  that  they  have  a  responsibility 
to  their  own  families  but  also  to  making  the  community 
a  better  place.  If  you  don't  learn  this,  when  you  do  become 
a  corporate  executive  your  view  of  corporate  responsibility 
is  quite  diminished.  We  all  need  to  think  in  a  way  that 
our  company  or  business  exists  in  this  town,  and  this 
town  should  be  better  because  we  were  here." 


For  more  information  about  IT  Careers  advertising, 
please  call:  800.762.2977 

Produced  by  Carole  R.  Hedden 


Two  challenges  for  role  models: 
Demonstrate  that  role  models  are  not 
celebrity  entertainers  or  athletes,  and 
help  others  realize  the  need  for  several 
role  models,  not  just  one. 
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Computer  Professionals 

Cambridge  Resource  Group. Inc. 
needs  top-notch  professionals 
w/consulting  exp.  in  some  of  the 
following  areas  or  combination 
thereof:  Java.  JSP,  JDK,  J2EE, 
XML,  JDBC/ODBC.  Websphere, 
MQ  Series,  EJB,  STRUTS.  Un¬ 
ix,  ECommerce,  PowerBuilder, 
Oracle  Financial  Applications, 
PL/SQL.  SQL*Plus,  SQL  Load¬ 
er,  Developer  2000,  Forms,  Re¬ 
ports,  TOAD,  OracleDBA,  Orac¬ 
le,  C,  C++,  VC++,  Erwin  Data 
Modelling/Designing,  Interwov¬ 
en  TeamSite,  ASP.NET,  C#, 
Visual  Studio.NET,  XML,  XSLT, 
SQL  SERVER  2000,  Oracle, 
Developer  2000,  Crystal  Re¬ 
ports,  Sun  Solaris,  Dataware- 
house.  COGNOS,  Informatica, 
Datastage,  COBOL,  JCL,  V- 
SAM,  CICS,  DB2,  MVS.  IMS, 
VSAM,  Teradata,  EDI  Gentran/ 
Mercator,  AS/400,  Lotus  Notes, 
PeopleSoft  HR/Financials,  SAP 
R/3  and  ABAP/4,  Visual  Basic, 
ATLCOM/DCOM,  CORBA,  Tux¬ 
edo,  ColdFusion,  WinRunner, 
Silk,  LoadRunner,  Rational 
Suite,  SQA  Suite,  Visual  Basic, 
MS  SQL  Server,  BaaN  ERP,  sql 
server,  Test  Director,  Rational 
Robot,  Rational  Test  Manager, 
Rational  ClearQuest,  Rational 
Requisite  Pro,  PVCS,  QTP,  Cry¬ 
stal  reports,  Activereports,  Cor- 
ba,  SAP,  Artifical  Intelligence, 
SAS.  Top$.  Requires  Master's/ 
Bachelor's  degree  w/1  to  5  yrs  of 
professional  exp.  Must  be  willing 
to  travel  to  client  sites  through¬ 
out  the  U.S.  Please  email 
resume  to  resumes@crasoft.com 
or  mail  to  CRG  !nc,  18  Lyman 
street,  Suite  207,  Westboro,  MA 
01581. 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing 
legal! immigration  advertisements  ? 
Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming 
task  a  little  easier. 

Contact:  Danielie  Tetreault  at: 
800-762-  2977 


Sr.  Software  Developer.  Job  in 
Tallahassee,  Florida.  Respon¬ 
sible  for  development  &  mainte¬ 
nance  of  existing  code  base  for 
records  management  software 
in  multi-tier  program  environ¬ 
ment  using  component  based 
object  oriented  methodologies. 
Duties  include  analysis  of  req’s, 
developing  code  base,  &  prepa¬ 
ration  of  technical  documenta¬ 
tion.  Position  requires  installa¬ 
tion  and  configuration  of  record 
and  document  management 
software  and  troubleshooting 
defects  reported  by  QA  and 
Support.  Req’s:  Bachelor's  de¬ 
gree  (or  foreign  equivalent)  in 
CS,  EE  or  CE  plus  4  yrs  experi¬ 
ence  in  job  offered  position  or  4 
yrs  exp  in  related  occupation  as 
a  Software  Engineer  or  Soft¬ 
ware  Developer.  40  hr  wk. 
9am-5pm,  $67,000/yr.  Send 
resume  to  Agency  For  Work¬ 
force  Innovation,  P.O.  Box 
10869,  Tallahassee,  FL  32302. 
RE  JO  FL  #2614742. 


Share  Logic,  Inc  has  openings 
for  the  following  positions  to 
work  at  client  sites  thorughout 
the  United  States: 

Software  Engineer  with  experi¬ 
ence  in  Client  Server,  Java, 
Oracle  SQL,  Sybase  Databases, 
networking  and  web  design. 

Peoplesoft  Software  Engineer 

with  experience  in  Peoplesoft, 
Windows  NT,  Java,  relational 
data  modeling. 

System  Administrator  with 
experience  in  network  systems, 
win  runner,  Oracle  and  Toad 
Tool. 

SAP  Developer  with  experience 
SAP  R/3,  ALE,  IDOCS,  Work- 
flow,  Java  and  BAPI's. 

Apply  to:  Share  Logic,  Inc,  326 
West  Main  Street,  Milford,  CT 
06460. 


Software  Engineer  in  Westmins¬ 
ter,  CO:  Develop  algorithms  in 
decision-based  technologies  for 
company's  applications  in  finan¬ 
cial  analysis.  Work  w/  Manager 
&/or  Sr.  S/W  Architect  to  develop 
strategies  for  applying  s/w  and 
h/w  technologies  to  applications 
under  development.  Participate 
in  s/w  dev  projects  from  concep¬ 
tual-design  through  implementa¬ 
tion  &  testing.  Use  state-of-the- 
art  s/w  technologies  w /  empha¬ 
sis  on  object-oriented  technolo¬ 
gies.  Coordinate  efforts  with  po¬ 
tential  users  and  developers  to 
ensure  user  requirements  are 
covered  in  design  and  imple¬ 
mentation.  Provide  ongoing  sup¬ 
port,  consulting  &  system  en¬ 
hancements  after  release.  BS 
in  Comp  Sci,  Comp  Eng,  Math, 
or  related  or  foreign  equiv,  +  2 
yrs  exp  in  job  offered  or  in  s/w 
dev,  programming/analysis,  or 
design.  Req.  course  work  in  lin¬ 
ear  &  non-linear  programming, 
artificial  intelligence  &  object-ori¬ 
ented  technologies  &  develop¬ 
ment  theories.  Exp  to  have 
included  Microsoft  Windows 
Operating  Systems,  Microsoft 
SQL  &  C++.  40  hrs/wk,  9am- 
5pm,  $77,542/yr.  Application  by 
resume  only.  Respond  to  Work¬ 
force  Development  Programs, 
PO  Box  46547,  Denver,  CO 
80202.  Refer  to  job  order  #: 
CQ51 05606. 


Design  Engineer:  Research, 
dsgn  hw/sw  on  32-bit  embed’d 
processor  w  /  Intel  XScale, 
StrongArm,  Protel  &  Cadence's 
Spectra  toolsets;  Dsgn,  test 
PSpice  for  power  simulat’n, 
model'g  &  high  volt  DC-DC 
power  supplies;  Set  up,  program 
&  operate  Auto'd  Surface  Mount 
Pick  &  Place  (ASMPP)  board 
assembly  machines.  40h/wk,  8- 
5,  MS  in  comp  eng'g  or  related 
fields,  1-yr  wk  exp  in  job  or  other 
pos’n  w/  StrongArm,  PSpice. 
Resume  to  HR,  SI  Solutions, 
Tampa  FL.  Craia@s-i-solutions 
.com.  Fax:  813-630-2532.  Only 
US  Workers  can  Appiy. 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  SYSTEMS/BUSINESS/ 
PROGRAMMER  ANALYSTS 

•  PROCESS  CAPABILITY 
ANALYST 

•  QC  ANALYST 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 
SKILLS’ 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML.UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL,  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 
Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


ASSOCIATE  PROGRAM¬ 
MER/ANALYST  -  Analyze, 
dsgn.,  dev'p,  conf.,  &  test 
comp.  Soft.  Prgms.  Req'd; 
MS  in  CS;  exp.  w/UNIX, 
HTML,  Java,  SQL  7.0, 
Oracle  9i,  XML,  JSP,  and 
Solaris.  Resumes:  Forest 
Laboratories,  Inc.  500  Corn- 
mack  Road,  Commack,  NY 
11725.  Attn:  C.  Cantalupo. 
Ref.  #2. 


SAP  Development  Lead  (APO  & 
BW)  -  Snr  level,  experience¬ 
intensive  lead  SAP  applications 
development  role  to  estimate 
requirements,  analyze,  design  & 
manage  overall  development, 
testing  &  support  highly  com¬ 
plex/customized  add-ons  to 
SAP’s  “Advanced  Planner  & 
Optimizer"  (“APO”),  Business 
Warehouse  ("BW”)  &  R/3  sys¬ 
tems  implemented  globally.  Will 
also  technically  mentor  less- 
experienced  SAP  staff,  perform 
resource  allocation  &  budget 
estimates.  Technical  oversight 
responsibilities  require  24/7  on 
call  availability.  Requires  a  Bach 
degree  (or  equivalent)  in  MIS, 
Comp  Science,  Computer  En¬ 
gineering,  Electrical  Eng,  Math 
or  relevant  field  plus  7  years  in 
job  offered  OR  7  yrs  exper  in 
application  development,  the 
majority  of  which  was  in  SAP 
R/3  and  at  least  1  yr  specifically 
involved  leading  a  development 
team  for  custom  enhancements 
of  SAP’s  Demand  Planning 
(“DP”)  &  Supply  Network  Plan¬ 
ning  ("SNP")  modules,  inter¬ 
faced  with  SAP’s  “BW”.  Must 
also  possess  demonstrated  abil¬ 
ity  in  the  following:  (1)  configur¬ 
ing  &  customizing  Core  Interface 
("CIF”)  for  data  transfer  between 
R/3  &  APO;  (2)  designing  &  con¬ 
figuring  BW  infocubes,  infos- 
ources,  infosets,  datasources  & 
infopackages  &  interfacing  be¬ 
tween  BW  &  other  on-line  trans¬ 
action  processing  systems;  (3) 
designing,  developing  &  sup¬ 
porting  SAP  interfaces  using 
RealTech’s  Interface  Manage¬ 
ment  3  ("IM/3”)  tool;  (4)  configur¬ 
ing,  extending  &  customizing 
data  extraction  using  Intermedi¬ 
ate  Documents  (“IDocs")  &  Ap¬ 
plication  Link  Enabling  (“ALE")  & 
(5)  independently  monitoring  & 
fixing  batch-cycle  problems  in 
SAP/UN IX/Autosys  job-schedul¬ 
ing  environment.  Sal:  $108,000/ 
yr,  9a-5p.  Send  2  copies  of  resu¬ 
me  only  to  Case  #  200300610. 
Division  of  Career  Services,  La¬ 
bor  Certification  Unit,  19  Stam¬ 
ford  St.,  1st  fl. ,  Boston,  MA 
02114.  Applicants  must  be  U.S. 
workers  eligible  to  accept  full¬ 
time  employment  in  U.S. 
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Computer  Professionals 

Computer  Consultants.  Inc. 
needs  top-notch  professionals 
w/consulting  exp.  in  some  of  the 
following  areas  or  combination 
thereof:  Java,  JSP  ,JDK  J2EE, 
XML,  JDBC/ODBC,  Websphere, 
MQ  Series,  EJB,  STRUTS,  Un¬ 
ix,  ECommerce,  PowerBuilder. 
Oracle  Financial  Applications, 
PL/SQL,  SQL*Plus,  SQL  Load¬ 
er,  Developer  2000,  Forms,  Re¬ 
ports,  TOAD,  Oracle  DBA,  Or¬ 
acle,  C,  C++,  VC++,  Erwin  Data 
Modelling/Designing,  Interwov¬ 
en  TeamSite,  ASP.NET,  C#,  Vis- 
ualStudio.NET,  XML,  XSLT,  SQL 
SERVER  2000,  Oracle,  Devel¬ 
oper  2000,  Crystal  Reports,  Sun 
Solaris.  Datawarehouse,  COG- 
NOS,  Informatica,  Datastage, 
COBOL,  JCL,  VSAM,  CICS, 
DB2,  MVS,  IMS,  VSAM,  Tera- 
data,  EDI  Gentran/Mercator, 
AS/400,  Lotus  Notes,  People- 
Soft  HR/Financials,  SAP  R/3 
and  ABAP/4,  Visual  Basic,  ATL- 
COM/DCOM,  CORBA,  Tuxedo, 
ColdFusion,  WinRunner,  Silk, 
LoadRunner,  Rational  Suite, 
SQA  Suite,  Visual  Basic,  MS 
SQL  Server,  BaaN  ERP,  sqlserv- 
er,  Test  Director,  Rational  Robot, 
Rational  Test  Manager,  Rational 
ClearQuest,  Rational  Requisite 
Pro,  PVCS,  QTP,  Crystal  re¬ 
ports,  Active  reports,  Corba, 
SAP,  Artifical  Intelligence,  SAS. 
Top  $.  Requires  Master's/Bach¬ 
elor's  degree  w/1  to  5  yrs  of  pro¬ 
fessional  exp.  Must  be  willing  to 
travel  to  client  sites  throughout 
the  U.S.  Please  email  resume  to 
resumes@computerconsultant 

inc.com  or  mail  to  CCI  INC,  222 
Turnpike  Rd,  Suite  9A,  West- 
boro,  MA  01581 . 


SYSTEM  ANALYST 

Analyze  business  and  all  other 
data  processing  problems  for 
application  to  electronic  data 
processing  systems.  Analyze 
user  requirements,  procedures, 
and  problems  to  automate  or 
improve  existing  systems  and 
review  computer  system  capa¬ 
bilities,  work-flow,  and  schedul¬ 
ing  limitations.  Bachelor  of  Sci¬ 
ence  in  Computer  Science  and 
two  years  experience  required  in 
Java,  Java-script,  HTML,  C++, 
Windows,  Oracle,  MS  Access, 
Unix,  Fox-base,  COBOL,  and 
Perl.  $74000  per  year.  Qualified 
applicants  submit  resumes  to 
Samuel  J.  Grosso,  Vice  Presi¬ 
dent,  Kimso  Apartments.  Inc., 
240  Parkhill  Avenue  Staten 
Island,  NY  10304. 


INFORMATION  TECH 

RevereData  LLC  seeks  candi¬ 
dates  for  the  following  positions 
in  downtown  SF: 

Sr.  System  Administrator  - 
Exp  in  design  &  support  of  real¬ 
time  financial  systems  on  multi¬ 
platform  environ. 

Senior  Architect  -  Exp  in  des¬ 
ign  architecture  of  applications 
in  the  multi-tier,  multi-platform 
environ. 

Data  Architect  -  Exp  in  data 
modeling,  ORACLE,  ETL, 
OLAP,  ERD,  UML,  IDEF1X, 
J2EE,  Unix  Shell. 

Senior  Software  Engineer  - 
Exp  in  Java/Web  Ui  developer, 
3+  yr.,  Oracle,  J2SE,  XSLT, 
DHTML. 

Senior  Database  Admin.  -  Exp 

w/Oracle/MS  SQL  on  multi-plat¬ 
form  environ. 

Software  Engineer  -  Real-time 
Software  developer  w/exp  in  Cl 
C++,  TCP/IP  networking,  IP  pro¬ 
tocols  design,  Oracle. 

To  Apply:  Send  resume  w/refer- 
ence  to  position  sought  to  HR 
Department,  Revere  Data,  Jobs 
LC05,  222  Sutter  St.,  Suite  450, 
San  Francisco,  CA  94108. 


Research  Engineer  for  EM 
s/w  development  with  MS  in 
EE  or  related  field  &  min  3 
yrs  exp  in  FDTD  code 
development.  Duties  in¬ 
clude:  developing  efficient 
serial  &  parallel  CFDTD 
Maxwell  solver  engines  on 
a  PC  cluster  &  tools  for 
visualization  of  the  simulat¬ 
ed  results.  Mail  resume  to 
RM  Associates  (RMA), 
1211  Deerfield  Dr,  State 
College,  PA  16803-2207,  or 
fax  to  814-865-1299. 


Software  Engineer  wanted  by 
AS  Systems  working  in  Austin 
to  develop  S/W  on  CTI,  call 
center  IVP  using  skills  such  as 
TSAPI,  TAPI  &  integration  with 
AVAYA,  Norte!  switches,  em¬ 
bedded  system  programming. 
Please  send  resumes  to  9600 
Greant  Hill  Trail,  Ste  150W, 
Austin,  TX  78759. 

Internet  Operation  Center 
(IOC)  seeks  software/project 
engineers,  analysts,  DBA.  Dut¬ 
ies  include  quality  assurance, 
use  Oracle,  Web  Tech,  VB, 
DB2,  ASP,  C/C++,  XML,  Java / 
Script.  Must  have  MS  or  BS 
plus  experience.  Job  site: 
Southfield,  Ml.  Please  apply  at 
resume@iocenter. net.  EOE. 


SYSTEMS  ANALYST 

Analyzes  user  requirements, 
procedures  and  problems  to  au¬ 
tomate  processing  or  to  improve 
existing  computer  systems.  BS 
in  CS  or  IS  or  eng.  or  math-relat¬ 
ed  and  2  yrs.  Exp.  in  job  offered. 
Must  be  able  to  travel.  Incl.  in 
the  2  yrs.,  must  have  2  yrs.  exp. 
with  various  computer  skill  sets 
such  as:  C#,  VB.NET,  ASP  .Net, 
ADO. Net,  Visual  Basic,  ASP, 
COM,  ActiveX,  JAVA,  C++,  D- 
HTML,  VBScript,  XML,  .NET  & 
J2EE  architecture,  WinForms, 
WebForms,  Web  Services,  Cry¬ 
stal  Report  9.0  Designer,  Oracle, 
MS  SQL  Server,  MS  Access,  ER 
Diagram,  MS  SharePoint  &  SAP 
Sales  Module  and  SDLC.  40 
Hrs./wk.  9  to  5,  Mon-Fri;  No 
overtime.  $57,450/yr.  Apply  re¬ 
sume  to  Attn  Nagesh  Ganta, 
Capricorn  Systems,  Inc.,  3569 
Habersham-at-Northlake,  Build¬ 
ing  K, Tucker,  GA  30084. 


VLS  Systems  has  openings  for 
the  following  positions  to  work  at 
client  sites  throughout  the  Unit¬ 
ed  States:  Software  Engineers, 
Programmer  Analysts,  DBA’s, 
and  Project  Managers  with  ex¬ 
perience  in  any  of  the  following 
tools  and  technologies:  Java 
Technologies,  Informatica,  Bus¬ 
iness  Objects,  OOA/OOD,  Orac¬ 
le  Technologies,  Solaris,  Lotus 
Notes,  Domino,  ETL  Processes, 
Hyperion  Essbase,  MS  Analysis 
Services,  Datawarehouseing, 
Perl,  Tuxedo,  DTS,  Websphere, 
Weblogic,  Rational  Rose,  XML, 
XSL,  PL/SQL,  C++,  BRIO,  ERP, 
SAP.  EJB's  COM,  AS/400, 
DCOM,  Peoplesoft,  SQL  Server, 
T-SQL,  Shell  Scripts,  COBOL, 
JCL,  JMS,  Swing,  Entity  Beans, 
DB2,  EAI,  Biztalk,  and  .net  tech¬ 
nologies  including  ASP,  ADO, 
VB  and  C#.  Send  resume  to: 
VLS  Systems,  9900  Main  Street, 
Ste.  304,  Fairfax,  VA  22031. 


Technical  Writer,  Northport,  AL: 
Analyze  &  document  client  busi¬ 
ness  processes  to  integrate 
technology.  Prep,  system  &  pro¬ 
gram  specifications:  document 
program  &  system  logic;  prep.  & 
maintain  user  guides  &  technical 
manuals;  monitor  system  chang¬ 
es;  develop  &  document  recov¬ 
ery  plans,  standard  ops  proce¬ 
dures  &  equip,  maintenance. 
Req:  Bachelors  (or  foreign, 
equiv  or  eqiv.  in  experience  and / 
or  education  in  Computer  or 
Business  fields  +  2  yrs  exp.  in 
job  or  2  yrs  performing  technical 
documenting  of  business  sys¬ 
tems.  Mail  resume  to  Applied 
Infotech,  501  Bridge  Ave, 
Northport,  AL  35746. 


Amtex  Systems  seeks  Software. 
System  Engineers,  DBA  to 
design  Oracle/DB2,  web-based 
applications.  Req:  MS  or  BS 
with  exp.  Job  site:  various  of  the 
country  including  Detroit,  Ml. 
Travel  maybe  required  for  some 
positions.  Please  send  resume 
to  info@amtexsystems.com. 
EOE. 

Computer  Contract  Services, 
Inc.  has  openings  for  Sr.  IT 
Consultants.  Job  site:  Ann  Arbor, 
Michigan.  Minimum  requirement 
is  BS  with  2-yr  experience  using 
the  SAS  system.  Unix  &  NT  plat¬ 
forms.  Competitive  wage  with 
full  benefits.  Please  contact 
ken.schmidt@ccsiteam.com. 
EOE. 


Programmer  Analyst:  Design, 
develop,  analyze,  test,  and  rec¬ 
ommend  software  requirements 
for  database  applications  as  well 
as  develop  and  perform  data¬ 
base  management  for  leading 
industry  clients.  Use  object-ori¬ 
ented  programming  using 
Oracle,  Java,  Perl,  XML,  Solaris, 
Web  logic,  C++  and  current  Web 
Technologies  in  Windows,  Unix 
and  Linux  environments.  Need 
Bachelors  Degree  in  Comp. 
Science  or  MIS  or  related  &  2 
yrs  of  exp.  Send  Resumes  to 
HR.  Asset  Optimization  Group, 
Inc.,  11200  Richmond,  Suite 
470,  Houston,  TX  77082  or  E- 
mail:  hr@aogtech.com 


Test  Engineer 

Develop  and  debug 
complex  ICT  test  pro¬ 
grams  on  the  HP3070. 
B.S.  Elec  or  Comp 
Eng.  req.,  Extensive 
knowledge  of  HP3070 
platform  req.  2  yrs  exp. 
req.  Comp  salary. 
Email  resume  to 
John@apgtest.com. 

APG  Test  Consultants. 
Longmont,  CO. 


Oracle  Database  Administra¬ 
tor:  To  administer  Oracle 
RDBMS,  9i  App  Server,  Ap¬ 
plications  11.0.3  (Financials) 
Oracle  Collaboration  suite.  FT 
position  &  competitive  salary. 
Requires:  MS  -  Information 
Management  or  computer  sci¬ 
ence,  3  yrs  experience,  & 
Oracle  Certified  Professional. 
Send  resumes  to:  Karen 
Cumber  (Administrative  As¬ 
sistant)  HR,  Allen  Lund 
Company,  4529  Angeles 
Crest  Hwy,  #300B,  La 
Canada,  CA  91011  or  E-Mail 
to  resume@allenlund.com. 


Systems  Administrator  sought 
by  North  American  Color, 
experienced  with  Network 
Design,  Installation,  Mainten¬ 
ance,  Troubleshooting,  Admin¬ 
istration,  and  Disaster  Recov¬ 
ery  skills.  Applicants  must 
have  MS/BS  in  Computer  Sci¬ 
ence  or  Engineering  with  relat¬ 
ed  experience.  NAC  provides 
a  competitive  salary  and  bene¬ 
fits.  Send  Resume  to:  HR 
Dept.,  5960  S.  Sprinkle  Road, 
Portage,  Ml  49002  or  email  to 
funger@nac-mi.com.  EOC. 


ATTENTION: 

Law  Firms 
IT  Consultants 
Staffing  Agencies 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing 
legal! immigration  advertisements  ? 
Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming 
task  a  little  easier. 

Contact:  Danielle  Tetreault  at: 
800-762-  2977 

iTjcareers 
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IT  Careers  offers  you 
information  on  the  most 
relevant  career  management 
topics  relative  to  IT 
recruitment. 

Here’s  what’s  coming  up  next: 

March  14: 

IT’s  #1  Career  Choice 

March  28: 

Financial  Services 


♦♦♦♦♦♦♦♦♦♦♦♦♦♦ 


Be  sure  to  take  advantage  of  this 
great  opportunity  to  brand  your 
company  or  display  your  recruitment 
message  in  IT  Careers  amid  these 
specialized  editorials 


Contact  us: 

800-762-2977 

Visit  us  at: 

www.itcareers.com 

Powered  By: 

Career  Joumal.com 
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Ads 

Placed 

Weekly 

Didn’t  find  the 
IT  Career 
Opportunity 
you  were 
looking  for? 

■■■■■■ 

Check  back 
weekly  for 
fresh  job  listings 

placed  by 
top  companies 
looking  for  skilled 
IT  professionals 
like  you! 


iT|careers 

800-762-2977 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop  and 
support  application  software  in  a 
client/server  environment  using 
object  oriented  analysis,  C,  C++, 
VC++,  MFC,  COM/DCOM,  CO¬ 
BOL,  DB2,  MS  SQL  Server,  Or¬ 
acle,  SPII,  IVR,  CTI  experience 
with  Intel  Dialogic  APIs  and 
Visual  Studio  on  Windows  NT/ 
XP,  UNIX  and  IBM  MVS/OS390 
platforms.  Require:  B.S.  degree 
in  Computer  Science/Engineer¬ 
ing,  or  a  closely  related  field  with 
1  yr  of  exp  in  the  job  offered  or 
as  a  Software  Engineer.  Exten¬ 
sive  travel  on  assignments  to 
various  client  sites  within  the 
U.S.  is  required.  Competitive 
salary  offered.  Send  resume  to: 
SatishKumar  Ashok,  CSR  Data 
Systems,  Inc.,  21  Crestwood 
Street,  Piscataway,  NJ08854; 
Attn:  Job  RS. 


SENIOR  PROGRAMMER/ANA¬ 
LYST  to  analyze,  design,  develop 
and  configure  application  soft¬ 
ware  using  Java,  EJB,  JDK,  JSP, 
Servlet,  JDBC,  Applet.  HTML, 
Weblogic,  Frontpage,  Flash  and 
Oracle  under  Windows  operating 
system.  Require:  B.S.  degree  in 
Computer  Science,  an  Engin¬ 
eering  discipline,  or  a  closely 
related  field  with  2  yrs  of  exp  in 
the  job  offered  or  as  a  Software 
Engineer.  Extensive  travel  on 
assignments  to  various  client 
sites  within  the  U.S. is  required 
Competitive  salary  offered.  Send 
resume  to:  Shilpa  Chaudhry,  Elite 
Solutions,  Inc.,  1670  Reserve 
Way,  Ste  203,  Decatur,  GA 
30033;  Attn:  Job  CS. 


ATTENTION: 

Law  Firms 
IT  Consultants 
Employment  Professionals 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing  legal 
or  immigration  advertisements? 

Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming  task  a 
little  easier. 


Contact: 

Danielle  Tetreault 

800-762-2977 

danielle  tetreault@itcareers.net 


www.itcareers.com 

Powered  by 
®  CareerJoumal.com 

A—  TH£  till  STIBT  JKV4L 


IT  consulting  firm  located  in 
Vermont  has  multiple  openings 
for  IT  professionals  to  serve 
multiple  clients  throughout  the 
U.S.  Job  duties  include:  Analy¬ 
sis,  design,  development  and 
testing  of  computer  applications. 
Specific  skill  sets  needed  in¬ 
clude: 

•  .Net  Developers 

•  J2EE  Developers 

•  Data  warehousing  Developers 
(Cognos/lnformatica,  Abinitio/ 
Business  Objects) 

•  Database  Developers/DBA 
(Oracle  or  DB2) 

•  Hyperion  Developers 

•  QA  Testers 

•  ERP  Consultants  -  Oracle/ 
Peoplesoft/SAP 

All  positions  require  a  relevant 
college  degree  and  relevant  ex¬ 
perience.  Some  senior  level 
positions  available.  Competitive 
salaries.  Must  be  willing  to  trav¬ 
el/relocate.  Send  resume  to: 
iobs@iTechUS.com.  Refer  to 
JO#010-N.  Applicants  must 
have  authority  to  work  perma¬ 
nently  in  the  U.S. 


SOFTWARE  ENGINEER  to  de¬ 
sign,  develop,  model,  test  and 
implement  client/server  web- 
based  applications,  databases 
and  business  intelligence  solu¬ 
tions  using  Java,  SQL  Server, 
Visual  Basic,  COM+,  Oracle  and 
ASP  under  Windows  NT/XP/ 
2003  Server  and  Linux  operat¬ 
ing  systems.  Require:  M  S.  de¬ 
gree  in  Computer  Science,  an 
Engineering  discipline,  or  a 
closely  related;  Must  have  a 
demonstrated  ability  to  perform 
the  stated  duties  gained  through 
academic  coursework/previous 
work  exp.  Extensive  travel  on 
assignment  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered.  Ap¬ 
ply  by  resume  to:  Steve  Atkins, 
Computer  Technology  Solutions. 
Inc.,  2800  Milan  Court,  Ste  213, 
Birmingham,  AL  35211;  Attn:  Job 
SM. 


SENIOR  SOFTWARE  ENGIN¬ 
EER  to  design,  develop,  main¬ 
tain  and  implement  Oracle  appli¬ 
cations,  focusing  on  HR,  Payroll 
and  OAB  modules,  using  Orac¬ 
le,  PL/SQL,  SQL,  SQL*Loader, 
SQL*Plus,  Developer  2000  (For¬ 
ms/Reports),  Toad,  Java,  JSP, 
HTML,  DHTML.  JavaScript, 
XML  and  XSLT  under  UNIX  and 
Windows  operating  systems; 
Mentor  junior  programmers  and 
engineers.  Require:  B.S.  deg¬ 
ree  in  Computer  Science,  an  En¬ 
gineering  discipline,  or  a  closely 
related  field  with  5  yrs  of  pro¬ 
gressively  responsible  exp  in  the 
job  offered  or  as  a  Programmer/ 
Analyst  or  Programmer.  Extens¬ 
ive  travel  on  assignments  to  var¬ 
ious  client  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to: 
Srinivasa  R.  Manne,  Methodex 
Consulting  Services,  Inc.,  1517 
W.  Irving  Blvd.,  Irving,  TX 
75061;  Attn:  Job  DP 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop,  test, 
implement  and  document  com¬ 
puter  software  for  business  and 
financial  applications  using  Ja¬ 
va,  SQL,  HTML,  Java  Script,  Lo¬ 
tus  Notes,  Lotus  Script  and  Do¬ 
mino  under  UNIX  and  Windows 
operating  systems.  Require: 
B.S.  degree  in  Computer  Sci¬ 
ence,  an  Engineering  discipline, 
or  a  closely  related  field  with  2 
yrs  of  exp  in  the  job  offered  or  as 
a  Programmer.  Extensive  travel 
on  assignments  to  various  client 
sites  within  the  U.S. is  required. 
Competitive  salary  offered.  Ap¬ 
ply  by  resume  to:  PishuHarjani, 
Focus  Software,  Inc.,  22  Perim¬ 
eter  Center  East,  Ste  2205, 
Atlanta,  GA  30346;  Attn:  Job  SJ. 


Data  System  Programmer- 
Design  &  develop  an  unemploy¬ 
ment  insurance  &  payment  pro¬ 
cessing  appl  based  on  existing 
mainframe  systems  currently  in 
place  for  State  of  SD.  Rewrite 
monetary  determination  process 
to  improve  efficiency  &  reduce 
manual  process.  Design,  devel¬ 
op  &  deploy  a  new  web-enabled 
appl  interface  so  that  general 
public  can  file  new  &  additional 
claims  through  the  internet. 
$40K/yr,  40hpw,  7:30am-4:30 
pm.  Bachelor’s  degree  in  Comp 
Sci,  EE  or  related  field  or  equiv 
foreign  degree.  1  -yr  exp  in  the 
job  offered  or  as  a  Sfware  Engr 
or  1  -yr  exp  with  each  of  the  fol¬ 
lowing:  Systems  development 
methodology,  HTML,  CSS, 
JavaScript,  VisualStudio.net, 
ADO.net,  T-SQL  &  SQL-2000. 
Must  be  willing  to  t!  ravel  &  relo¬ 
cate  if  necessary.  Submit 
resumes  to:  South  Dakota 
Career  Center,  420  South 
Roosevelt.  PO  Box  4730, 
Aberdeen,  SD  57402-4730.  Tel: 
605-626-2340,  Fax:  605-626- 
2228.  Pis  reference  to  Job  Order 
No.  SD  1273385. 


SYSTEMS  SUPPORT  SPEC¬ 
IALIST  to  provide  tech,  support 
to  employees;  Configure,  main¬ 
tain  &  back-up  workstations  & 
Windows  2000/2003  servers  w / 
IIS  &  MS  SQL;  Develop  secure 
samba  infrastructure  for  file 
server;  Create  develop  &  main¬ 
tain  an  unattended  Windows 
installation  infrastructure  for 
automatic  install,  of  all  Windows 
operating  systems  w /  the  latest 
updates,  firewall  configuration  & 
security  lock  down  of  servers 
and  workstations;  Test  security 
updates  &  service  packs  to 
ensure  compatibility  w /  existing 
applications  &  infrastructure: 
Maintain  &  troubleshoot  mail, 
DHCP  &  DNS;  Perform  network 
backups  w /  Veritas  Backup 
Exec;  Maintain  a  FlexLM  license 
server  &  a  server  that  scans  e- 
mail  for  viruses/spam  before  for¬ 
warding  it  to  the  exchange  serv¬ 
er  for  delivery  w /  sendmail, 
mime-defang  &  spamassassin, 
Build  servers  &  workstations; 
Troubleshoot  LAN/WAN/VPN 
connectivity;  Maintain  server  & 
network  docum.  Require  B.S. 
degree  in  Computer  Science,  an 
Engeering  discip.,  or  a  closely 
related  field  w /  2  yrs  of  exp  in  the 
job  offered.  Competitive  salary 
offered.  Send  resume  to  HR, 
Praxis  3  PC.,  1776  Peachtree 
St,  Ste  520  South  Tower,  Atlanta, 
GA  30309;  Attn:  Job  DR. 


Systems  Analyst:  Analyze  cus¬ 
tomer  requirements,  procedures 
&  problems  to  automate  proces¬ 
sing  to  improve  existing  comput¬ 
er  technology,  or  for  installation 
of  new/replacement  computer 
systems;  confer  with  customers 
to  analyze  current  operational 
procedures,  identify  problems  & 
determine  possible  solutions; 
upgrade  new/existing  computer 
technology  &  correct  errors  in 
the  system  after  implementation. 
40  hr.  per  wk,  7:30AM  -  4:30PM, 
$1 8.86/hr,  depending  on  qualifi¬ 
cations  and  exp.,  B.S.  in  Sys¬ 
tems  Analyst  or  Computer  Sci¬ 
ence,  2  yr  exp  job  offered  or  2  yr 
exp  related  occupation  in  com¬ 
puter  hardware/software  instal¬ 
lation,  diagnosis  &  repair.  Exp. 
must  include:  integration  of  MS 
Windows  and  UNIX  operating 
systems,  network  installation, 
security  &  troubleshooting;  & 
Linux.  Microsoft  Certified  Syst¬ 
ems  Engineer  or  ability  to  obtain 
same  prior  to  employment.  Exp 
may  be  gained  concurrently. 
Send  Resume  to:  Agency  for 
Workforce  Innovation  P.O.  Box 
10869,  Tallahassee,  FL  32302- 
JOFL#2614456. 
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Project  Engineer  (Stamford,  CT 
and  other  locations  in  the  U.S.) 
sought  to  serve  as  a  configura¬ 
tion  and  settings  expert  in  a  soft¬ 
ware  development  team  for  a 
medical  image  network  manage¬ 
ment  system.  Duties  include  co¬ 
ordinating  special  project  activi¬ 
ties,  serving  as  project  technical 
lead  throughout  implementation, 
and  directing  a  team  of  up  to  6 
engineers  and  technicians.  Qua¬ 
lified  applicants  have  a  bache¬ 
lor's  degree  in  Computer  Sci¬ 
ence  or  Information  Systems  (or 
equivalent  of  a  bachelor's  de¬ 
gree  based  on  a  combination  of 
foreign  education  and/or  work 
experience  in  the  Computer 
Science  or  Information  Systems 
fields)  and  3  years  of  work  expe¬ 
rience  in  Picture  Archiving  and 
Communications  Systems,  radi¬ 
ology  workflow,  enterprise  oper¬ 
ating  systems  (including  cluster¬ 
ing  and  network  load  balancing), 
Microsoft  NT/2000,  and  TCP-IP 
or  HTML.  Please  mail  resume  to 
Fujifilm  Medical  Systems  U.S. A., 
Inc.,  419  West  Avenue.  Stam¬ 
ford,  CT  06902,  Attention:  H.R.- 
Trump.  NO  PHONE  CALLS. 
EOE. 


Software  Engineer  IV  - 
Web  Technology 

(Waltham,  MA)  -  Provide  con¬ 
ceptual  &  technical  solutions  to 
complex  business  or  technical 
problems.  Plan,  design,  struc¬ 
ture  &  implement  internal  & 
external  websites  &  systems  in 
the  telecommunications  indus¬ 
try.  Develop  back-end  web  sys¬ 
tems  &  ensure  quality,  security  & 
integrity  of  information.  Design 
&  develop  business  process 
information  systems  for  the 
telecommunications  industry  on 
n-tier  architecture  using  object 
oriented  techniques  using  Java-, 
Corba,  J2EE,  Unix  &  Oracle. 
Provide  guidance  to  developers 
in  the  implementation  of  such 
Web  systems  &  work  with  the 
end  user  in  the  requirements 
gathering  as  well  as  software 
development.  Position  requires 
a  Bachelor's  degree  in  Civil 
Engineering  or  Computer  Sci¬ 
ence  &  2  yrs  of  experience  in  the 
job  offered  or  in  the  related 
occupation  as  an  Engineer.  2 
yrs  of  experience  must  include 
experience  with  Java,  Corba, 
J2EE,  Unix  &  Oracle.  9-5,  M-F, 
40  hrs/wk.  $60,500/yr.  Submit 
2  copies  of  resume  to  Case 
#200300533,  Division  of  Career 
Services,  Labor  Certification 
Unit,  19  Staniford  Street,  1st  fir, 
Boston,  M A  02114. 


SOFTWARE  QA  ENGINEER  to 
design,  develop  and  execute 
test  plans  and  test  cases  for 
web-based  applications;  Create 
and  execute  automated  testing 
scripts  and  manual  functional 
tests  using  WinRunner,  Test- 
Director,  Oracle,  SQL  Server, 
MS  Access,  ASP,  HTML,  VB¬ 
Script,  C,  C++,  UNIX  Shell  and 
JavaScript  on  Windows  and  UN¬ 
IX  platforms;  Perform  GUI,  func¬ 
tional,  integration  and  regres¬ 
sion  tests;  Review  and  correct 
test  programs,  test  plans  and 
test  scripts  developed  by  QA 
Analysts;  Train  and  mentor  team 
members  in  the  use  and  imple¬ 
mentation  of  automated  testing 
tools.  Require:  M.S.  degree  in 
Computer  Science/Engineering, 
or  a  closely  related  field  with  1  yr 
of  exp  in  the  job  offered  or  as  a 
Software  QA  Programmer.  Ex¬ 
tensive  travel  on  assignment  to 
various  client  sites  within  the 
U.S.  is  required.  Competitive 
salary  offered.  Apply  by  resume 
to:  Vishy  Dasari,  President, 
Objectnet  Technologies,  Inc., 
1117  Perimeter  Center  West, 
#E-1 04,  Atlanta,  GA  30338;  Attn: 
Job  AN. 


Infinite  Computing  Systems  a 
Cedar  Rapids,  Iowa  Company  is 
seeking  qualified  computer  pro¬ 
fessionals.  Current  positions 
available  must  meet  the  follow¬ 
ing  requirements.  All  positions 
require  at  least  a  Bachelors 
degree  (3  year  fgn  Bachelor 
degrees  are  acceptable).  We 
may  have  additional  positions 
available  in  addition  to  the  ones 
listed.  Multiple  positions  are  like¬ 
ly  available  in  some  positions. 
Candidate’s  salary  offered  rela¬ 
tive  to  experience  and  skills. 
Candidates  must  be  willing  to 
relocate  and  travel  as  needed. 

A  variety  of  positions  are  avail¬ 
able,  which  require  between  1-5 
years  of  experience  in  the 
below-listed  skills.  Certain  posi¬ 
tions  may  require  a  Masters 
degree. 

•  Java,  HTML,  XML,  Weblogic 
or  Websphere 

•  Expeditor,  Cobol,  DB2,  JCL, 
IDMS  or  IMS 

•  ERP  (e.g.  SAP,  Peoplesoft  or 
Oracle  Apps) 

•  Visual  Basic,  SQL,  ASP.net, 
SQL  Server 

•  Easytreive,  QMF,  Cobol, 
CICS,  SAS,  TSO/ISPF 

•  C,  C++,  GUI,  Oracle  or 
Informix  or  Sybase 

Please  send  resume  and  cover 
letter  to:  Raj  Inani,  President, 
Infinite  Computing  Systems, 
Inc.,  230  2nd  Street  -  Ste  214, 
Cedar  Rapids,  IA  52401 . 


Software  Professionals:  RS 
Software,  a  leading  globally 
positioned  software  develop¬ 
ment  and  consulting  firm  needs 
programmer/analysts,  willing  to 
relocate  at  employer’s  expense 
to  its  multinational  clients  nation¬ 
wide  with  exp.  in  the  following 
skill  mixes: 

-  COBOL,  CICS,  DB2,  SQL 
Server,  Turbo  Image,  MPEix 
on  HP3000  platform 

-  C,  C++.  VC++,  MFC,  Oracle 
and  OOAD  on  embedded 
technology 

-  MVS,  JCL.  IMSDB,  Fileaid, 
Xpeditor,  C,  C++,  Unix,  CO¬ 
BOL,  CICS,  DB2  and  MQ 
Series  on  credit  card  applica¬ 
tions. 

IT-Technical  Service 
Coordinator 

Liaise  w/in-house  IT  personnel  & 
multinat'l  clients  to  coorde  & 
optimize  IT  svces  &  minimize 
aggregate  IT  operational  costs 
thru  appropriate  coord,  of  in- 
house  resources  &  overseas 
out-source.  Undertaking  of  maj¬ 
or  s/w  dev.  contracts  and  exe¬ 
cuting  projects  using  the  global 
execution  model.  Update  corp. 
clients  on  emerging  tech,  inno¬ 
vations  &  development  plans  for 
effective  deployment  of  emerg¬ 
ing  technologies  w /  a  particular 
focus  on  large  financial  svcs 
clients. 

Send  resume  to:  HR,  RS 
Software  (I)  LTD.,  1900 
McCarthy  Blvd.,  #103,  Milpitas, 
CA  95035. 


SOFTWARE  ENGINEER  to  de¬ 
sign,  develop,  model,  test  and 
implement  client/server  web- 
based  applications,  databases 
and  business  intelligence  solu¬ 
tions  using  object  oriented  pro¬ 
gramming,  UML,  C,  C++,  Visual 
Basic,  Access,  SQL  Server, 
Java,  Oracle,  Transact/SQL,  Ex¬ 
cel,  ActiveX,  ADO.  HTML,  XML 
and  IIS  under  Windows  and 
Linux  operating  systems.  Re¬ 
quire:  M.S.  degree  in  Computer 
Science/Engineering,  or  a  close¬ 
ly  related  field;  Must  have  a 
demonstrated  ability  to  perform 
the  stated  duties  gained  through 
academic  coursework/previous 
work  experience.  Extensive  tra¬ 
vel  on  assignment  to  various 
client  sites  within  the  U.S.  is  re¬ 
quired.  Competitive  salary  of¬ 
fered.  Apply  by  resume  to: 
Steve  Atkins,  Computer  Technol¬ 
ogy  Solutions,  Inc.,  2800  Milan 
Court,  Ste  213,  Birmingham, 
AL35211;  Attn:  Job  RD. 
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Testing  SP2 

Gartner  Inc.  predicts  that 
half  of  enterprise  XP  desktop 
systems  will  be  running  SP2  by 
year’s  end.  But  Gartner  analyst 
Michael  Silver  said  sporadic 
reports  of  applications  being 
broken  by  the  software  proves 
the  need  for  careful  testing, 
“since  there’s  no  easy  way  to 
tell  which  applications  may 
break  and  which  will  be  OK.” 

Lengthy  Process 

And  the  testing  clearly  takes 
time.  Jean  Delaney  Nelson, 

CIO  at  Securian  Financial 
Group  Inc.  in  St.  Paul,  Minn., 
said  her  company’s  SP2  project 
started  in  August,  when  the  IT 
staff  began  researching  which 
parts  of  the  service  pack  it 
wanted  to  install.  Securian 
then  created  and  started  test¬ 
ing  operating  system  “builds” 
with  applications,  a  process  it 
expects  to  complete  in  May. 

So  far,  Securian  has  identi¬ 
fied  a  half-dozen  applications 
that  have  issues  with  SP2,  in¬ 
cluding  some  software  that 
vendors  haven’t  certified  for 
the  update,  Delaney  Nelson 
said.  She  added  that  none  of 
the  problems  are  major,  but 
Securian  won’t  be  ready  to 
start  deploying  SP2  to  its  575 
XP  machines  until  July.  Most 
of  the  company’s  2,500  desktop 
machines  run  Windows  2000. 

“SP2  is  not  just  like  a  patch. 
It’s  almost  like  a  whole  new 
version  of  the  software,”  said 
John-Mark  Tucker,  IT  manag¬ 
er  at  Red  Dot  Corp.  in  Seattle. 
“It  really  should  be  considered 
an  upgrade,  and  that  should 
trigger  more  precaution.” 

But  beyond  isolated  prob- 


Correction 

The  name  of  Tim  Dougherty, 
director  of  IBM's  BladeCenter 
server  division,  was  spelled  in¬ 
correctly  in  a  story  in  the  Feb.  21 
News  section  (“IBM,  Sun  Look  to 
Simplify  IT  Infrastructure”). 


lems,  Red  Dot’s  SP2  installa¬ 
tion  has  gone  smoothly  and  is 
helping  to  protect  the  compa¬ 
ny  from  malicious  attacks, 
Tucker  said.  A  virus  infected 
Red  Dot’s  network  during  the 
SP2  testing  period,  but  it  had 
no  effect  on  the  machines  run¬ 
ning  SP2,  he  noted. 

Red  Dot,  which 
makes  heating  and  air- 
conditioning  systems 
for  large  vehicles,  par¬ 
ticipated  in  Micro¬ 
soft’s  Technical  Adop¬ 
tion  Program  and  test¬ 
ed  some  25  applica¬ 
tions  —  including 
ERP  and  computer- 
aided  design  software 
—  against  new  builds 
of  SP2  during  the  beta  period. 
Tucker  estimated  that  the  test¬ 
ing  process  took  three  to  four 
days  for  each  new  build. 

But  some  companies  have 
hundreds  of  applications  to 


THIS  MONTH’S  announcement 
by  Microsoft  Chairman  Bill  Gates 
that  Internet  Explorer  7.0  will  be 
made  available  only  to  users  of 
Windows  XP  SP2  and  the  up¬ 
coming  Longhorn  release  of  Win¬ 
dows  isn't  sitting  well  with  some 
IT  managers. 

Although  corporate  users  con¬ 
tacted  last  week  said  they’re  hap¬ 
py  about  the  security-focused 
improvements  that  Microsoft 
plans  to  make  to  its  Web  brows¬ 
er,  several  added  that  they  think 
IE7  should  also  be  supported  on 
Windows  2000. 

“Windows  2000  was  built  for 
the  Internet  and  bought  with 
good-faith  expectations  on  secu¬ 
rity,”  said  Charlie  Ward,  manager 
of  IT  architecture  at  Duke  Power 
Co.  in  Charlotte,  N.C.  “If  IE7 
works  only  on  Windows  XP  SP2 
and  above,  Microsoft  is  forcing 
customers  with  no  other  com¬ 
pelling  reason  to  upgrade  to 
spend  additional  money  to  pro¬ 
tect  themselves  from  flaws  in 
Microsoft’s  products.” 


test  and  still  aren’t  ready  to 
begin  deploying  SP2. 

For  example,  Edmonton, 
Alberta-based  Atco  I-Tek  Inc., 
the  IT  arm  of  Canadian  ener¬ 
gy  and  logistics  company  Atco 
Ltd.,  supports  more  than  600 
operational  applications  on  its 
XP  systems,  accord¬ 
ing  to  Bruce  Schmidt, 
leader  of  Atco  I-Tek’s 
workstation  architec¬ 
ture  team. 

“Smaller  software 
vendors  don’t  seem 
to  be  ready  to  com¬ 
mit  to  SP2  compati¬ 
bility,”  Schmidt  said. 
“Others  will  only 
commit  with  the  lat¬ 
est  product  release, 
which  is  not  always  what  is 
currently  being  used.” 

Only  about  a  dozen  of  the 
company’s  4,000  XP  desktops 
have  been  updated  to  SP2. 
Schmidt  said  that  thus  far, 


Microsoft  last  week  declined 
to  comment  about  IE7.  A  compa¬ 
ny  spokesman  said  more  details 
will  be  made  available  when  the 
first  beta  is  released. 

Gates  said  during  a  keynote 
address  at  the  RSA  Conference 
2005  in  San  Francisco  two 
weeks  ago  that  Microsoft  ex¬ 
pects  to  deliver  a  beta  version  by 
“early  in  the  summer."  Fie  vowed 
that  IE7  will  add  “a  new  level  of 
security,”  including  stronger  de¬ 
fenses  against  phishing  attacks, 
malicious  software  and  spyware. 
But  the  earliest  edition  of  Win¬ 
dows  that  will  be  supported  is  XP 
SP2,  Gates  said. 

Martin  Colburn,  chief  tech¬ 
nology  officer  at  the  National 
Association  of  Securities  Dealers 
Inc.,  said  the  industry  standard 
is  typically  to  make  improve¬ 
ments  backward-compatible 
for  the  previous  one  or  two  re¬ 
leases.  He  added  that  it  would 
make  sense  for  Microsoft  to 
do  the  same,  since  the  compa¬ 
ny  has  had  “notoriously  weak 


HSP2  is  not  just 
like  a  patch. 

If  s  almost  like  a 
whole  new  version 
of  the  software. 


JOHN-MARK TUCKER, 

IT  MANAGER,  RED  DOT  CORP. 

most  problems  have  been  re¬ 
lated  to  the  new  Windows 
Firewall  technology.  A  loom¬ 
ing  concern  moving  forward  is 
distributing  the  “jumbo-sized” 
SP2,  he  added. 

At  the  Kentucky  Depart¬ 
ment  of  Education,  the  only 
difficulty  associated  with  its 
SP2  deployment  was  insuffi¬ 
cient  disk  space  on  some 
systems,  noted  Tim  Cornett, 
a  network  engineer  at  the 
agency. 

SP2  checks  in  at  265MB, 
although  Microsoft  says  the 


security”  in  its  products. 

“If  [users]  want  a  level  of  se¬ 
curity  that  probably  should  have 
been  there  with  the  product  all 
along,  they’ve  got  to  upgrade,” 
Colburn  said.  “That's  a  little  bit 
challenging  for  customers  that 
have  already  set  out  their  up¬ 
grade  schedules.” 

Kindred  Healthcare  Inc.  has 
about  11,000  desktops  running 
Windows  2000.  Because  the 
Louisville,  Ky.-based  company 
plans  to  skip  XP  with  the  excep¬ 
tion  of  tactical  situations,  it  will 
have  to  wait  for  Longhorn  to  get 
IE7,  said  Rob  Rhodes,  a  technical 
consultant  at  Kindred. 

The  desktop  version  of  Long¬ 
horn  is  expected  to  be  released 
next  year.  Microsoft  originally 
planned  to  deliver  IE7  and  Long¬ 
horn  at  the  same  time. 

But  Craig  Roth,  an  analyst  at 
Meta  Group  Inc.,  said  Microsoft 
wants  to  show  that  it’s  “not 
standing  still”  as  the  open-source 
Firefox  browser  continues  to  gain 
users.  The  new  IE7  plan  "has  a 


amount  of  code  installed  on 
systems  could  be  smaller  be¬ 
cause  the  update  is  a  “smart 
download”  that  will  install 
only  what  the  user  actually 
needs.  The  average  download 
for  Windows  XP  Professional 
users  is  expected  to  be  about 
100MB,  according  to  a  Micro¬ 
soft  spokesman. 

Microsoft  claimed  that  a 
November  survey  of  800  en¬ 
terprise  customers  who  at¬ 
tended  its  educational  work¬ 
shops  on  SP2  showed  that  77% 
planned  to  deploy  the  update 
during  the  next  six  months. 

“We  understand  that  many 
of  our  enterprise  customers 
have  very  complex  environ¬ 
ments,”  said  Jon  Murchinson, 
a  Windows  group  product 
manager  at  Microsoft.  “We  ad¬ 
vised  in  August  that  they  pro¬ 
ceed  with  testing  before  they 
rolled  it  out  to  the  general 
populace.”  ©  52824 


bit  of  a  freezing  effect  on  compa¬ 
nies  that  might  have  been  think¬ 
ing  about  changing  browsers,” 
Roth  said. 

Roger  Wilding,  a  senior  tech¬ 
nical  engineer  at  a  global  ship¬ 
ping  and  supply  chain  services 
company,  said  Microsoft  is  up  to 
“its  old  tricks”  with  IE7.  “They 
weren’t  going  to  do  a  new  IE  until 
Longhorn  came  out,”  he  said. 
“Now  there  is  a  threat  out  there, 
Firefox,  so  they  are  reacting  -  but 
only  a  little  bit.” 

Yet  Wilding  said  his  company, 
which  he  asked  not  be  identified, 
has  no  plans  to  switch  browsers. 
“Firefox  doesn’t  work  on  some 
intranet  sites  we  have,  and  there 
is  no  central  way  to  patch  it,” 
he  said. 

Some  users  were  sympathetic 
to  Microsoft's  plight.  “As  a  soft¬ 
ware  guy  myself,  I’m  well  aware 
of  the  time  and  cost  to  do  back¬ 
ward  compatibility,"  said  Jeremy 
Lehman,  CIO  at  New  York-based 
Thomson  Financial.  He  added 
that  it’s  “better  to  have  some¬ 
thing  now  than  wait  another  year 
for  a  perfect  solution.” 

-  Carol  Sliwa 


Microsoft’s  New  Browser  Plan  Miffs  Win2k  Users 


Periodical  postage  paid  at  Framingham,  Mass.,  and  other  mailing  offices.  Posted  under  Canadian  international  Publication  agreement  #40063800.  CANADIAN  POSTMASTER:  Please  return  undeliverable  copy  to  PO  Box  1632,  Windsor,  Ontario  N9A  7C9.  Computerworld  (ISSN  0010-4841)  Is  published 
weekly  except  a  slngie  combined  issue  for  the  last  two  weeks  In  December  by  Computerworld,  Inc.,  1  Speen  Street,  Box  9171,  Framingham,  Mass.  01701-9171.  Copyright  2004  by  Computerworld  Inc.  All  rights  reserved.  Computerworld  can  be  purchased  on  microfilm  and  microfiche  through  University 
Microfilms  Inc  300  N.  Zeeb  Road,  Ann  Arbor,  Mich.  48106.  Computerworld  is  Indexed.  Back  issues,  if  available,  may  be  purchased  from  the  circulation  department.  Photocopy  rights:  permission  to  photocopy  for  internal  or  personal  use  is  granted  by  Computerworld  Inc,  for  libraries  and  other  users  regis¬ 
tered  with  the  Copyright  Clearance  Center  (CCC),  provided  that  the  base  fee  of  $3  per  copy  of  the  artlcie,  plus  50  cents  per  page,  is  paid  directly  to  Copyright  Clearance  Center.  27  Congress  St„  Salem.  Mass,  01970.  Reprints  (minimum  100  copies)  and  per-  ijjSIk 

mission  to  reprint  may  be  purchased  from  Renee  Smith.  Computerworld  Reprints,  c/o  Reprint  Management  Services,  Greenfield  Corporate  Center.  1808  Colonial  Village  Lane,  Lancaster,  Pa..  17601,  (717)  399-1900,  Ext.  172.  Fax:  (717)  399-8900.  Web  site:  j||pRpA 
www.reprintbuyer.com.  E-mail:  reprints@computerworld.com.  Requests  for  missing  issues  will  be  honored  only  if  received  within  60  days  of  issue  date.  Subscription  rates:  $5  per  copy:  U.S.  -  $99.99  per  year;  Canada  -  $130  per  year;  Central  &  So.  America.  m  .........  A. 

$250  per  year;  Europe  -  $295  per  year;  all  other  countries  -  $295  per  year.  Subscriptions  call  toll-free  (888)  559-7327.  POSTMASTER;  Send  Form  3579  (Change  of  Address)  to  Computerworld.  PO  Box  3500,  Northbrook.  III.  60065-3500. 


48  COMPUTERWORLD  February  28, 2005 


THE  BACK  PAGE 


www.computerworld.com 


FRANK  HAYES  ■  FRANKLY  SPEAKING 

Paris  Hilton  &  You 


IT  DIDN’T  REQUIRE  a  California  law  for  data-theft  victims  to 
be  notified  after  Paris  Hilton’s  phone  book  hit  the  Web  a  week 
ago.  Oh,  they  knew.  Dozens  of  celebs,  ranging  from  rapper 
Eminem  to  tennis  babe  Anna  Kournikova,  suffered  through 
hundreds  of  calls  from  fans,  pranksters  and  anyone  else  who 
found  the  contents  of  Hilton’s  T-Mobile  cell  phone  on  the  Internet. 
There  were  also  snapshots,  to-do  lists  and  transcripts  of  Hilton’s 
text-messaging  chats.  But  what  caught  headlines  were  the  phone 
numbers  of  all  those  poor,  beleaguered  B-listers,  suddenly  out  there 
where  any  nobody  with  a  dialing  finger  could  call  them. 

C’mon,  stop  snickering.  I’m  getting  to  a  serious  point  here. 


See,  Hilton  thought  all  that  personal  data 
was  on  her  cell  phone,  tucked  safely  away  in 
her . . .  well,  wherever  she  keeps  it.  But  she  was 
wrong.  The  data’s  real  home  was  on  T-Mobile’s 
servers.  Her  Sidekick  II  phone  stored  the  data 
there  automatically,  just  as  it  was  designed  to. 

That  arrangement  means  the  data  won’t  be 
lost  if  the  phone  is  damaged  or  the  batteries  die. 
But  it  also  means  that  if  anyone  were  to  hack 
into  T-Mobile’s  servers,  they’d  have  access  to 
whatever  Hilton  put  in  her  phone:  pictures, 
documents,  phone  numbers,  the  works. 

And  T-Mobile’s  servers  have  a  history  of  be¬ 
ing  hacked.  In  October  2003,  intruders  got  into 
T-Mobile’s  customer  databases  and  acquired 
passwords  and  other  information  that,  in  turn, 
let  the  bad  guys  access  customer  accounts. 
Hilton’s  account  information  was  reportedly 
compromised  at  that  time. 

So  was  account  information  for  a  hotshot  U.S. 
Secret  Service  agent,  Peter  Cavicchia.  Cavicchia 
didn’t  store  the  numbers  of  celebrity  friends 
on  his  phone  —  that  is,  on  T-Mobile’s  servers. 
He  stored  material  linked  to  ongoing  Secret 
Service  criminal  investigations. 

According  to  the  New  York  Daily 
News,  that  allowed  one  or  more 
hackers  to  access  numerous  Secret 
Service  documents,  including  re¬ 
ports,  requests  for  subpoenas  and 
a  confidential  treaty  with  Russia. 

Cavicchia  has  since  left  the  Secret 
Service,  which  says  the  security 
breach  didn’t  compromise  any  on¬ 
going  investigations.  And  last  week 
22-year-old  Nicholas  Jacobsen 
pleaded  guilty  to  the  2003  T-Mobile 
break-in.  He’ll  be  sentenced  in  May. 

Now  think:  If  a  Secret  Service 


agent  stored  sensitive  information  on  his 
phone,  how  many  of  your  users  have  likely 
done  the  same  thing?  And  even  if  you’ve 
warned  them  to  guard  their  phones  carefully, 
how  many  have  unknowingly  stored  sensitive 
company  documents  or  data  on  a  cell  phone 
company’s  servers,  where  the  only  thing  stand¬ 
ing  between  that  data  and  hackers  is  security 
you  have  no  control  over? 

You  can’t  protect  that  information.  You  don’t 
even  know  what  information  is  at  risk.  And 
your  users  don’t  even  know  it.  is  at  risk. 

Not  snickering  now,  are  you?  We’re  not  talk¬ 
ing  about  glitterati  inconvenience  and  embar¬ 
rassment  any  more.  This  is  about  your  job:  pro¬ 
tecting  your  company’s  data. 

What  can  you  do?  You  could  ban  the  use  of 
state-of-the-art  cell  phones  (which  won’t  work). 
Or  you  could  carefully  audit  every  user’s  phone 
account  for  security  (which  would  add  a  huge 
amount  of  work). 

Or  you  can  once  again  take  on  the  challenge 
of  educating  your  users.  You  can  explain  the 
risks  of  storing  company  data  on  their  phones. 

And  offer  guidance  about  what 
data  is  safest  to  keep  on  which 
phones.  And  encourage  them  to 
consult  with  IT  to  keep  potential 
problems  to  a  minimum. 

Yes,  that’s  still  a  big  job.  It  will 
require  educating  yourself  on  cell 
phone  risks,  too.  But  if  you  can  get 
users  to  understand  what’s  on  the 
line,  maybe  you  can  get  them  to 
help  you  keep  that  data  secure  in¬ 
stead  of  fighting  you. 

After  all,  you  don’t  really  want 
to  end  up  like  Paris  Hilton,  do  you? 
©  52795 


frank  hayes,  Computer- 
world’s  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank_hayes@computerworld.com. 


When  Users  Get  Creative 

Client  is  giving  contract  developer  pilot  fish  the  re¬ 
quirements  for  a  new  system  to  manage  his  transport 
business.  According  to  the  client,  an  open  ticket 
should  be  valid  for  return  travel  up  to  a  month  after  the 
outbound  journey.  How  should  the  system  calculate 
“a  month  after”?  fish  asks.  Thirty  days  later?  “No,  one 
month  later,”  says  client,  “the  same  date  in  the  follow¬ 
ing  month.”  So  what  is  the  date  one  month  after  Jan. 
31?  asks  fish.  Client:  “February  31.” 

Time-out! 

SHARK 
TANK* 


This  machine 
shop  uses  PCs 
just  for  time 
and  attendance 
reporting.  But  one  morn¬ 
ing,  arriving  first-shift 
workers  call  the  help 
desk  to  complain  that 
they  can’t  clock  in. 

“They  said  they  could 
see  the  log-in  screen  but 
couldn’t  type  their  IDs 
and  passwords,”  IT  pilot 
fish  says.  “A  trip  to  the 
shop  floor  proved  them 
right  and  made  it  clear 
we  needed  to  lock  down 
the  PCs  much  tighter. 
Someone  on  second 
shift  made  a  screenshot 
of  the  log-in  screen,  then 
saved  it  as  the  wallpaper 
on  all  the  machines!” 

You  Awake? 

0n-call  IT  pilot  fish  gets 
beeped  at  1  a.m.  by  a 
computer  operator 
whose  mainframe  is 
misbehaving.  “I  had  it 
fixed  after  about  an 
hour,”  fish  reports.  “I 
messaged  the  operator 
that  the  job  had  been 
restarted,  and  he  could 
continue  with  the  nightly 
cycle.  About  a  half-hour 
later,  he  kindly  woke  me 
again  to  inform  me  that 
the  job  completed  suc¬ 
cessfully.  I  thanked  him 
for  his  diligence  and  told 
him  it  was  not  necessary 
to  wake  me  up  again  for 
successful  completions.” 


Yeah,  but 
It  Worked, 
Didn’t  It? 

User  is  getting 
an  error  mes¬ 
sage  she  doesn’t  under¬ 
stand,  so  support  tech 
asks  her  to  send  him  a 
screenshot  so  he  can 
see  what  she’s  talking 
about.  “A  few  minutes 
later,  he  gets  a  PDF  file 
attached  to  an  e-mail,” 
reports  a  pilot  fish  on  the 
scene.  “She  took  a  pic¬ 
ture  of  her  computer 
with  her  digital  camera 
and  e-mailed  the  picture 
to  him.” 

So  That’s  It! 

Telecommuting  pro¬ 
grammer  wants  to  con¬ 
nect  remotely  to  his  of¬ 
fice  PC,  but  he  keeps 
getting  an  error  mes¬ 
sage.  Net  admin  pilot 
fish  stops  by  and  checks 
out  programmer’s  PC, 
and  remote  connectivity 
seems  to  operate  just 
fine.  “I  demonstrate  that 
it’s  working  and  ask  him 
to  try  to  connect  that 
evening,”  fish  says. 
“Next  morning,  same  re¬ 
port  -  no  connectivity  - 
but  this  time  he  includes 
a  screen  print  of  the 
message,  and  I  know 
what’s  wrong.  I  inform 
him  that  remote  connec¬ 
tivity  works  much  better 
if  he  doesn’t  turn  his 
computer  off  when  he 
leaves  the  office.” 


OSHARKYS  ALWAYS  CONNECTED.  Send  me  your 
true  tale  of  IT  life  at  sharky@computerworld.com. 

You'll  snag  a  snappy  Shark  shirt  if  I  use  it.  And  check  out  the 
daily  feed,  browse  the  Sharkives  and  sign  up  for  Shark  Tank 
home  delivery  at  computerworld.com/sharky. 
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POSTAGE  WILL  BE  PAID  BY  ADDRESSEE 


COMPUTERWORLD 

PO  BOX  3500 

NORTHBROOK  IL  60065-9846 


I.IImIIm.II 
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world 


COMPUTERWORLD  Pass  Along  Application 


FOR  FASTER  SERVICE  APPLY  ONLINE  AT: 
HTTPV/WWW.CWSUBSCRIBE.COM/RW 

I  wish  to  receive  a  FREE  subscription 
to  COMPUTERWORLD. 

□  YES  □  NO 


SIGNATURE 


DATE 


BUSINESS  PHONE  NUMBER  (INCLUDING  AREA  CODE) 


BUSINESS  FAX  NUMBER  (INCLUDING  AREA  CODE) 


INTERNET/E-MAIL  ADDRESS 


Please  answer  all  questions,  sign  and  date  the 
application.  Incomplete  forms  will  not  be  processed.  A 
complimentary  subscription  to  COMPUTERWORLD  will  be  sent 
to  those  applicants  who  qualify.  The  publisher  reserves  the  right 
to  limit  the  number  of  subscriptions  accepted. 

FREE  subscriptions  available  in  the  U.S.  only.  Foreign  and 
Canadian  rates  available  upon  request. 


O  Please  provide  name  and  address.  The 
information  below  must  be  filled  out. 

Please  print.  Military:  please  specify  branch  of  service 
and  name  of  base  (if  applicable).  You  must  supply  company 
name  and  address  to  qualify.  (Check  one  only) 


FIRST  NAME  LAST  NAME 


TITLE 


COMPANY  NAME 


DIVISION/MAIL  STOP  DELIVERY 

COMPANY  ADDRESS  [P  O  BOXES  NOT  ACCEPTED  ON  THIS  LINE) 


CITY  STATE  ZIP 

Optional:  DELIVERY  ADDRESS  (Home  or  P.0.  Box).  Enter  address 
below  only  If  your  company  WILL  NOT  accept  delivery  to  the 
company  address  already  listed.  Address  below  is: 

□  A.  Home  address  □  B.  Alternate  company  address 

POST  OFFICE  BOX  OR  STREET  ADDRESS 


CITY  STATE  ZIP 


Which  of  the  following  best  describes  your 
organization’s  industry  or  function  at  this  location? 

(Check  ONE  only) 

NON-COMPUTER  RELATED  INDUSTRIES 

□  01.  Aerospace 

□  02.  Manufacturing  &  Process  Industries  (non-computer  related) 

□  03.  Finance/Banking/Accounting 

□  04.  Insurance/Real  Estate/Legal  Services 

□  05.  Government:  Federal  (including  Military) 

□  06.  Government:  State  or  Local 

□  07.  Health/Medical/Dental  Services 

□  08.  Retailer/Wholesaler/Distributor  (non-computer  related) 

□  09.  Transportation/Utilities 

□  10.  Communication  Carriers  (ISP,  Telecomm, 

Data  Comm,  TV/Cable) 

□  11.  Construction/Architecture/Engineering 

□  12.  Data  Processing  Services 

□  13.  Education 

□  14.  Agriculture/Forestry/Fisheries 

□  15.  Mining/Oil/Gas 

□  16.  Travel/Hospitality/Recreation/Entertainment 

□  17.  Publishing/Broadcast/Advertising/Public  Relations/Marketing 

□  18.  Research/Development  Lab 

□  19.  Business  Services/Consultant  (non-computer  related) 
COMPUTER  RELATED  INDUSTRIES 

□  20.  Mfg.  of  Computers.  Communications, 

Peripheral  Equipment  or  Software 

□  21.  Computer  Related  Retailer/Wholesaler/  Distributor 

□  22.  VAR,  VAD.  Systems  or  Network  Integrator 

□  23.  Computer/Network  Consultant 

□  24.  Service  Provider  (ASP,  ESP.  Web  Hosting) 

□  25.  E-commerce/Internet  and  other  Computer  Related 

Business  Services 

□  98.  Other _ 

please  specify 

©  What  is  your  primary  job  title?  (Check  ONE  only) 

IT  MANAGEMENT 

□  01.  CIO,  CTO,  CS0 

□  02.  Executive  VP,  Sr.  VP 

□  03.  Vice  President 

□  04.  Director 

□  05.  Manager/Other  IT  Manager 

□  06.  Supervisor 

□  07.  Systems  Integrator 

□  08.  Technical  Consultant 

BUSINESS  MANAGEMENT 

□  09.  CEO.  COO.  Chairman,  President 

□  10.  CFO.  Controller,  Treasurer 

□  11.  Executive  VP,  Sr.  VP.  VP,  General  Manager 

□  12.  Director,  Manager 

□  13.  Other  Corporate/Business  Manager 

□  14.  Consultant  (Non-Technical) 

IT  STAFF 

□  15.  IT  Staff  (Including  Software/Tech.  Engineer) 

OTHER 

□  98.  Other  (Non-Manager) 


please  specify 

What  is  the  total  number  of  employees  at  all  locations  in 
your  entire  organization  including  divisions,  branches 
and  subsidiaries?  Consultants:  Please  answer  for  the  number  of 
employees  of  your  largest  client.  (Check  ONE  only) 

□  01.  20,000  or  more 

□  02.10,000-19,999 

□  03.5,000-9,999 

□  04.1,000-4,999 

□  05.500-999 

□  06.100-499 

□  07.50-99 

□  08.  Less  than  50 

©  What  is  your  organization’s  total  annual  budget  for 
information  services,  including  computers  and 
communications  hardware,  software,  consulting  and 
services?  Consultants:  Please  include  the  budget  for  your  clients 
as  well  as  that  of  your  own  business.  (Check  ONE  only) 


□ 

01. 

$1  billion  or  more 

□ 

02. 

$500  to  $999.9  million 

□ 

03. 

$100  to  $499.9  million 

□ 

04. 

$50  to  $99.9  million 

□ 

05. 

$10  to  $49.9  million 

□ 

06. 

$1  to  $9.9  million 

□ 

07. 

$500,000  to  $999,999 

□ 

08. 

$250,000  to  $499,999 

□ 

09. 

$100,000  to  $249,999 

□ 

10. 

Under  $100,000 

□ 

99. 

None 

For  the  product/service  groups  listed  below,  please 
indicate  the  annual  dollar  value  of  computing/networking/ 
communication  equipment  and  software/services,  which 
YOU  are  currently  or  will  be  involved  in  purchasing. 

Please  write  the  correct  number  code  for  the  dollar  amount  on  the 
corresponding  line.  Note:  If  you  cannot  distinguish  between  this  and 
other  location(s),  put  response  in  the  first  column.  Consultants:  Please 
include  what  you  recommend  for  your  clients  as  well  as  what  you  buy  for 
your  own  business. 

01.  $250  million  or  more 
02.  $150  to  $249.9  million 
03.  $100  to  $149.9  million 
04.  $50  to  $99.9  million 
05.  $10  to  $49.9  million 
06.  $1  to  $9.9  million 
07.  $500,000  to  $999,999 

PRODUCT/SERVICE 

Electronic  Commerce/ 

Internet  Business 

Internet/Intranet/Extranet 

Telecommunication 
Equipment/Service 

PCs  (desktop/notebook) 

Servers/Workstations 

Networking  Products/ 

Services 

Large  Distributed  Systems 
(mainframe/midrange/mini) 

Peripherals 
Software 

Mobile/Wireless/Handhelds 
Storage  Management 

Systems  Integrators/ 

Consultants 

Please  select  the  statements  below  that  best  describe  your 
personal  involvement  in  the  purchase  process  for  IT 
products/services  (including  e-business  initiatives)  for 
either  yourself  at  work,  for  others  in  your  organization  or 
on  behalf  of  a  client.  (Check  ALL  that  apply) 

□  01.  Authorize/approve  purchase 

□  02.  Evaluate/recommend  products,  brands,  vendors 

□  03.  Specify  features/technical  requirements 

□  04.  Set  budget  for  expenditures 

□  05.  Determine  need  to  purchase 

□  06.  Create  IT  strategy 

NONE  of  the  above  □  99. 

Please  indicate  the  Operating  Systems/Network 
Environments  currently  in  use  or  planned  for  use  at  this 
entire  location.  (Check  ALL  that  apply) 

□  01.  Windows  Server  2003 

□  02.  Windows  XP 

□  03.  Windows  2000 

□  04.  Windows  NT 

□  05.  Windows  95/98 

□  06.  Windows  CE 

□  07.  PalmOS 

□  08.  OS/400 

□  09.  VM/MVS 

□  10.  Linux 

□  11.  UNIX 

□  12.  Solaris 

□  13.  Netware 

□  14.  Mac  OS 

□  98.  Other 

NONE  of  the  above  □  99. 


08.  $250,000  to  $499,999 
09.  $100,000  to  $249,999 

10.  $75,000  to  $99,999 

11.  $50,000  to  $74,999 

12.  $25,000  to  $49,999 

13.  Under  $25,000 
99.  None 

For  this  For  all  other 

location  locations 
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TEAR  ALONG  PERF,  FOLD  IN  THIRDS,  TAPE  AND  MAIL.  DO  NOT  STAPLE. 


